From d426c44f072104df6061d521adadef0483baa0225db73946e78dbb60512f32db Mon Sep 17 00:00:00 2001 From: Dirk Mueller Date: Tue, 24 Sep 2024 11:29:18 +0000 Subject: [PATCH] - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. * Add cyrus-sasl-make-digestmd5-work-ssl3.patch - Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) RC4 is legacy provided since openSSL3 and requires explicit loading, dDisable openssl3 depricated API warnings. * Add cyrus-sasl-make-digestmd5-work-ssl3.patch OBS-URL: https://build.opensuse.org/package/show/network/cyrus-sasl?expand=0&rev=110 --- .gitattributes | 23 + .gitignore | 1 + 0001-Fix-time.h-check.patch | 60 ++ README.Source | 7 + _multibuild | 6 + baselibs.conf | 12 + cyrus-sasl-2.1.28.tar.gz | 3 + cyrus-sasl-bdb.changes | 891 ++++++++++++++++++++++ cyrus-sasl-bdb.spec | 257 +++++++ cyrus-sasl-lfs.patch | 13 + cyrus-sasl-make-digestmd5-work-ssl3.patch | 544 +++++++++++++ cyrus-sasl-no_rpath.patch | 21 + cyrus-sasl-rc.tar.bz2 | 3 + cyrus-sasl-saslauthd-bdb.changes | 884 +++++++++++++++++++++ cyrus-sasl-saslauthd-bdb.spec | 171 +++++ cyrus-sasl-saslauthd.changes | 884 +++++++++++++++++++++ cyrus-sasl-saslauthd.spec | 171 +++++ cyrus-sasl.changes | 891 ++++++++++++++++++++++ cyrus-sasl.dif | 49 ++ cyrus-sasl.spec | 306 ++++++++ fix_libpq-fe_include.diff | 11 + pre_checkin.sh | 13 + saslauthd.service | 15 + 23 files changed, 5236 insertions(+) create mode 100644 .gitattributes create mode 100644 .gitignore create mode 100644 0001-Fix-time.h-check.patch create mode 100644 README.Source create mode 100644 _multibuild create mode 100644 baselibs.conf create mode 100644 cyrus-sasl-2.1.28.tar.gz create mode 100644 cyrus-sasl-bdb.changes create mode 100644 cyrus-sasl-bdb.spec create mode 100644 cyrus-sasl-lfs.patch create mode 100644 cyrus-sasl-make-digestmd5-work-ssl3.patch create mode 100644 cyrus-sasl-no_rpath.patch create mode 100644 cyrus-sasl-rc.tar.bz2 create mode 100644 cyrus-sasl-saslauthd-bdb.changes create mode 100644 cyrus-sasl-saslauthd-bdb.spec create mode 100644 cyrus-sasl-saslauthd.changes create mode 100644 cyrus-sasl-saslauthd.spec create mode 100644 cyrus-sasl.changes create mode 100644 cyrus-sasl.dif create mode 100644 cyrus-sasl.spec create mode 100644 fix_libpq-fe_include.diff create mode 100644 pre_checkin.sh create mode 100644 saslauthd.service diff --git a/.gitattributes b/.gitattributes new file mode 100644 index 0000000..9b03811 --- /dev/null +++ b/.gitattributes @@ -0,0 +1,23 @@ +## Default LFS +*.7z filter=lfs diff=lfs merge=lfs -text +*.bsp filter=lfs diff=lfs merge=lfs -text +*.bz2 filter=lfs diff=lfs merge=lfs -text +*.gem filter=lfs diff=lfs merge=lfs -text +*.gz filter=lfs diff=lfs merge=lfs -text +*.jar filter=lfs diff=lfs merge=lfs -text +*.lz filter=lfs diff=lfs merge=lfs -text +*.lzma filter=lfs diff=lfs merge=lfs -text +*.obscpio filter=lfs diff=lfs merge=lfs -text +*.oxt filter=lfs diff=lfs merge=lfs -text +*.pdf filter=lfs diff=lfs merge=lfs -text +*.png filter=lfs diff=lfs merge=lfs -text +*.rpm filter=lfs diff=lfs merge=lfs -text +*.tbz filter=lfs diff=lfs merge=lfs -text +*.tbz2 filter=lfs diff=lfs merge=lfs -text +*.tgz filter=lfs diff=lfs merge=lfs -text +*.ttf filter=lfs diff=lfs merge=lfs -text +*.txz filter=lfs diff=lfs merge=lfs -text +*.whl filter=lfs diff=lfs merge=lfs -text +*.xz filter=lfs diff=lfs merge=lfs -text +*.zip filter=lfs diff=lfs merge=lfs -text +*.zst filter=lfs diff=lfs merge=lfs -text diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..57affb6 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.osc diff --git a/0001-Fix-time.h-check.patch b/0001-Fix-time.h-check.patch new file mode 100644 index 0000000..0dce629 --- /dev/null +++ b/0001-Fix-time.h-check.patch @@ -0,0 +1,60 @@ +From 266f0acf7f5e029afbb3e263437039e50cd6c262 Mon Sep 17 00:00:00 2001 +From: Sam James +Date: Wed, 23 Feb 2022 00:45:15 +0000 +Subject: [PATCH 1/1] Fix check +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +We're conditionally including based on HAVE_TIME_H in a bunch of places, +but we're not actually checking for time.h, so that's never going to be defined. + +While at it, add in a missing include in the cram plugin. + +This fixes a bunch of implicit declaration warnings: +``` + * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] + * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration] + * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] + * cyrus-sasl-2.1.28/lib/saslutil.c:280:3: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] + * cyrus-sasl-2.1.28/lib/saslutil.c:364:41: warning: implicit declaration of function ‘clock’ [-Wimplicit-function-declaration] + * cyrus-sasl-2.1.28/plugins/cram.c:132:7: warning: implicit declaration of function ‘time’ [-Wimplicit-function-declaration] +``` + +Signed-off-by: Sam James +--- + configure.ac | 2 +- + plugins/cram.c | 4 ++++ + 2 files changed, 5 insertions(+), 1 deletion(-) + +diff --git a/configure.ac b/configure.ac +index e1bf53b6..ad781830 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1290,7 +1290,7 @@ AC_CHECK_HEADERS_ONCE([sys/time.h]) + + AC_HEADER_DIRENT + AC_HEADER_SYS_WAIT +-AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h) ++AC_CHECK_HEADERS(crypt.h des.h dlfcn.h fcntl.h limits.h malloc.h paths.h strings.h sys/file.h sys/time.h syslog.h time.h unistd.h inttypes.h sys/uio.h sys/param.h sysexits.h stdarg.h varargs.h krb5.h) + + IPv6_CHECK_SS_FAMILY() + IPv6_CHECK_SA_LEN() +diff --git a/plugins/cram.c b/plugins/cram.c +index d02e9baa..695aaa91 100644 +--- a/plugins/cram.c ++++ b/plugins/cram.c +@@ -53,6 +53,10 @@ + #endif + #include + ++#ifdef HAVE_TIME_H ++#include ++#endif ++ + #include + #include + #include +-- +2.35.3 + diff --git a/README.Source b/README.Source new file mode 100644 index 0000000..b762b0c --- /dev/null +++ b/README.Source @@ -0,0 +1,7 @@ +Because of potential legal risk we have removed the +directory "dlcompat-20010505/" from the source tarball + +If you want to see the original sources you can download +them from: + + ftp://ftp.cyrusimap.org/cyrus-sasl diff --git a/_multibuild b/_multibuild new file mode 100644 index 0000000..095b536 --- /dev/null +++ b/_multibuild @@ -0,0 +1,6 @@ + + cyrus-sasl-bdb + cyrus-sasl-saslauthd + cyrus-sasl-saslauthd-bdb + + diff --git a/baselibs.conf b/baselibs.conf new file mode 100644 index 0000000..47837c1 --- /dev/null +++ b/baselibs.conf @@ -0,0 +1,12 @@ +libsasl2-3 +cyrus-sasl +cyrus-sasl-devel + requires -cyrus-sasl- + requires "libsasl2-3- = " +cyrus-sasl-crammd5 +cyrus-sasl-digestmd5 +cyrus-sasl-gssapi +cyrus-sasl-otp +cyrus-sasl-plain +cyrus-sasl-sqlauxprop +cyrus-sasl-ldap-auxprop diff --git a/cyrus-sasl-2.1.28.tar.gz b/cyrus-sasl-2.1.28.tar.gz new file mode 100644 index 0000000..2768b39 --- /dev/null +++ b/cyrus-sasl-2.1.28.tar.gz @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:7ccfc6abd01ed67c1a0924b353e526f1b766b21f42d4562ee635a8ebfc5bb38c +size 4034803 diff --git a/cyrus-sasl-bdb.changes b/cyrus-sasl-bdb.changes new file mode 100644 index 0000000..01a3c27 --- /dev/null +++ b/cyrus-sasl-bdb.changes @@ -0,0 +1,891 @@ +------------------------------------------------------------------- +Thu Sep 19 06:36:56 UTC 2024 - Angel Yankov + +- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) + RC4 is legacy provided since openSSL3 and requires explicit loading, disable openssl3 depricated API warnings. + * Add cyrus-sasl-make-digestmd5-work-ssl3.patch + +------------------------------------------------------------------- +Tue May 7 08:26:51 UTC 2024 - Peter Varkoly + +- GCC 14: cyrus-sasl package fails (bsc#1221863) + Apply upstream patch: + 0001-Fix-time.h-check.patch + +------------------------------------------------------------------- +Mon Feb 26 10:50:23 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Mon Nov 6 09:03:23 UTC 2023 - Dominique Leuenberger + +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + +------------------------------------------------------------------- +Thu May 4 11:21:19 UTC 2023 - Dominique Leuenberger + +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Mon Jan 23 20:35:54 UTC 2023 - Dirk Müller + +- drop optional opie dependency + +------------------------------------------------------------------- +Wed Dec 7 11:15:12 UTC 2022 - Dominique Leuenberger + +- Do not set directories inside doc/ mode 644; otherwise the + directories are set 644 as well, which means no files inside are + accessible. This resulted in the past in doc/ actually not being + added to the devel package. + +------------------------------------------------------------------- +Wed Mar 9 08:39:23 UTC 2022 - Dirk Müller + +- update to 2.1.28 (bsc#1196036, CVE-2022-24407): + * https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 +- drop cyrus-sasl-bug587.patch (upstream) + +------------------------------------------------------------------- +Mon Jan 31 10:03:15 UTC 2022 - Dirk Müller + +- cyrus-sasl: prevent fail of %pre when berkely db utils are + not installed (seems like we want to use this only for upgrade + so no Prereq added) +- move license to licensedir +- remove use of RPM_BUILD_ROOT +- minimal spec cleanups +- avoid bashisms + +------------------------------------------------------------------- +Thu Jan 13 14:58:15 UTC 2022 - Peter Varkoly + +- postfix: sasl authentication with password fails (bsc#1194265) + Add config parameter --with-dblib=gdbm +- Avoid converting of /etc/sasldb2 by every update. Convert + /etc/sasldb2 only if it is a Berkeley DB + +------------------------------------------------------------------- +Thu Feb 25 18:03:26 UTC 2021 - Peter Varkoly + +- Fix build: Do not build libsasl2-3 in the bdb package. This will + not be linked to berkely db. libsasl2-3 is now defined as + %BuildRequires and %Requires + +------------------------------------------------------------------- +Fri Jan 8 11:32:42 UTC 2021 - Peter Varkoly + +- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root + due to insecure tmp file usage. (bsc#1180669) + Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary + files. + +------------------------------------------------------------------- +Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The packages cyrus-sasl and cyrus-sasl-saslauthd are built + without Berkely DB support. gdbm will be used instead of BDB. + The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built + with Berkely DB support. +- Update to 2.1.27 + * Added support for OpenSSL 1.1 + * Added support for lmdb + * Lots of build fixes + * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech + * DIGEST-MD5 plugin: + Fixed memory leaks + Fixed a segfault when looking for non-existent reauth cache + Prevent client from going from step 3 back to step 2 + Allow cmusaslsecretDIGEST-MD5 property to be disabled + * GSSAPI plugin: + Added support for retrieving negotiated SSF + Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF + Properly compute maxbufsize AFTER security layers have been set + * SCRAM plugin: + Added support for SCRAM-SHA-256 + * LOGIN plugin: + Don’t prompt client for password until requested by server + * NTLM plugin: + Fixed crash due to uninitialized HMAC context +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h + +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero + +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + +------------------------------------------------------------------- +Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder + +- added backport-patch cyrus-sasl-bug587.patch which fixes + off-by-one error in _sasl_add_string function + (see CVE-2019-19906 bsc#1159635) + +------------------------------------------------------------------- +Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly + +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com + +- OpenSSL 1.1 support (bsc#1055463) + * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora + +------------------------------------------------------------------- +Wed Mar 22 09:56:37 UTC 2017 - michael@stroeder.com + +- added cyrus-sasl-issue-402.patch to fix + SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 + (see https://github.com/cyrusimap/cyrus-sasl/issues/402) + +------------------------------------------------------------------- +Tue Mar 7 11:31:23 UTC 2017 - varkoly@suse.com + +- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5 + +------------------------------------------------------------------- +Wed Dec 9 20:15:40 UTC 2015 - bwiedemann@suse.com + +- really use SASLAUTHD_PARAMS variable (bnc#938657) + +------------------------------------------------------------------- +Tue Jan 6 19:02:33 UTC 2015 - varkoly@suse.com + +- bnc#908883 cyrus-sasl-scram refers to wrong RFC + +------------------------------------------------------------------- +Thu Nov 27 09:08:36 UTC 2014 - jengelh@inai.de + +- Make sure /usr/sbin/rcsaslauthd exists + +------------------------------------------------------------------- +Tue Sep 23 13:57:46 UTC 2014 - varkoly@suse.com + +- bnc#897837 saslauthd package has no config + +------------------------------------------------------------------- +Tue Jul 29 23:31:35 UTC 2014 - sfalken@opensuse.org + +- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure + +------------------------------------------------------------------- +Sat Jul 19 12:54:50 UTC 2014 - p.drouand@gmail.com + +- Remove insserv dependency; it's unneeded with systemd' systems +- Remove insserv and fillup dependency in cyrus-sasl package; there + is neither sysconfig or init file + +------------------------------------------------------------------- +Fri Jun 13 11:03:45 UTC 2014 - ckornacker@suse.com + +- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 + cyrus-sasl-revert_gssapi_flags.patch (bnc#775279) + +------------------------------------------------------------------- +Tue Apr 1 10:32:37 UTC 2014 - varkoly@suse.com + +- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always' + +------------------------------------------------------------------- +Sat Nov 2 20:47:58 UTC 2013 - jengelh@inai.de + +- Implement shlib packaging guidelines: make subpackage libsasl2-3. + (All other .so files are _server_ plugins AFAICS, loaded via + dlopen.) +- Ensure directories are owned by packages and thus get torn down + on package removal + +------------------------------------------------------------------- +Sat Oct 5 19:10:55 UTC 2013 - tchvatal@suse.com + +- Put back the .so files to sasl auth packages from devel file. + The .so files are read by some application instead of full path + so in order for auth to work this files must be available + +------------------------------------------------------------------- +Sun Sep 29 08:11:05 UTC 2013 - tittiatcoke@gmail.com + +- Add patch fix-sasl-header.diff to resolve build issues that + are failing due to typedef 'sasl_malloc_t' is initialized. + (see gentoo#458870, fedora#906519) + +------------------------------------------------------------------- +Wed Sep 11 07:16:23 UTC 2013 - jcnengel@gmail.com + +- Removed server side service to comply with Factory rules + +------------------------------------------------------------------- +Tue Sep 3 22:07:15 UTC 2013 - jcnengel@gmail.com + +- Update to 2.1.26 + * Modernize SASL malloc/realloc callback prototypes + * Added sasl_config_done() to plug a memory leak when using an application specific config file + * Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590). + * unlock the mutex in sasl_dispose if the context was freed by another thread + * MINGW32 compatibility patches + * Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0 + * Fixed some memory leaks in libsasl + - GSSAPI plugin: + + Fixed a segfault in gssapi.c introduced in 2.1.25. + + Code refactoring + + Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable + - GS2 plugin: + + Updated GS2 plugin not to lose minor GSS-API status codes on errors + - DIGEST-MD5 plugin: + + Correctly send "stale" directive to prevent clients from (re)promtping for password + + Better handling of HTTP reauthentication cases + + fixed some memory leaks + - SASLDB plugin: + + Added support for BerkleyDB 5.X or later + - OTP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - SRP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - saslauthd: + + auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes + + auth_rimap.c: read the whole IMAP greeting + + better error reporting from some drivers + + fixed some memory leaks +- New BuildRequires for pkgconfig since pkgconfig file is generated +- Removed patches that do no longer apply + * cyrus-sasl-gcc4.patch (integrated upstream) + * cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream) + * gssapi-null-deref.dif (integrated upstream) + * Fix-abort_if_no_fqdn-behavior.patch (integrated upstream) + * cyrus-sasl-db6.diff (integrated upstream) +- Move *.so files into devel package + +------------------------------------------------------------------- +Fri Jul 26 13:09:51 UTC 2013 - obs@botter.cc + +- Fix for bnc#827230 and #784705, fix patch as described in + #827230, typo in patch from request 112480 (remove rpath, + Apr 4 2012), preventing sql auxprop plugin to work + +------------------------------------------------------------------- +Fri Jun 14 00:41:55 UTC 2013 - jengelh@inai.de + +- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5 +- Simpler delete of .la files with find + +------------------------------------------------------------------- +Mon Aug 13 07:55:11 UTC 2012 - rhafer@suse.de + +- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0, + a getaddrinfo failure should be ignored, as long as gethostname() + succeeded. (bnc#771983) + +------------------------------------------------------------------- +Wed May 9 21:47:48 UTC 2012 - crrodriguez@opensuse.org + +- Ensure libraries and tools are built with LFS and include + config.h in all C files. + +------------------------------------------------------------------- +Wed Apr 4 14:13:36 UTC 2012 - dvaleev@suse.com + +- remove rpath + +------------------------------------------------------------------- +Wed Jan 18 13:06:00 UTC 2012 - aj@suse.de + +- Move some doc files to devel package and to cyrus-sasl-saslauthd. + +------------------------------------------------------------------- +Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de + +- Removed debug printfs from cyrus-sasl.dif, added by accident +- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with + latest upstream improvements + +------------------------------------------------------------------- +Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de + +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually + +------------------------------------------------------------------- +Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon Jun 7 06:15:02 UTC 2010 - coolo@novell.com + +- add dependency to avoid broken parallel make + +------------------------------------------------------------------- +Mon May 10 12:53:14 UTC 2010 - rhafer@novell.com + +- Fixed attributes of /var/run/sasl2 in filelist + +------------------------------------------------------------------- +Wed Apr 28 09:24:11 UTC 2010 - rhafer@novell.com + +- Removed the /var/run/sasl2 directory from cyrus-sasl.spec. + It will now be created on demand by the saslauthd init script. +- Adjusted init script headers to silence rpmlint warning/errors. + +------------------------------------------------------------------- +Mon Dec 14 17:15:20 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Nov 23 10:57:47 UTC 2009 - rhafer@novell.com + +- Fixed linker arguments for ldap- and sql-auxprop plugins + (bnc#555568) + +------------------------------------------------------------------- +Mon Jul 20 16:20:35 CEST 2009 - coolo@novell.com + +- build against krb5-mini to avoid build cycle + +------------------------------------------------------------------- +Fri May 15 14:23:03 CEST 2009 - rhafer@novell.com + +- Update to 2.1.23, the only change is a fix for a potential buffer + overflow in sasl_encode64() (bnc#499104, CVE-2009-0688) +- Imported some automake/libtool fixes from upstream cvs + +------------------------------------------------------------------- +Mon Mar 2 21:28:09 CET 2009 - crrodriguez@suse.de + +- fix build with GCC 4.4 +- remove all "la" files + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Aug 18 10:32:31 CEST 2008 - rhafer@suse.de + +- Fixed init-scripts Required-Stop Tags + +------------------------------------------------------------------- +Tue Jul 29 15:15:25 CEST 2008 - rhafer@suse.de + +- Enhance sysconfig file and init script to allow to pass arbitrary + parameters to saslauthd (bnc#397808) +- Fixed description of the SASLAUTHD_THREADS sysconfig option. + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Mar 28 09:45:45 CET 2008 - rhafer@suse.de + +- Moved "Version:" up to the top to make versioned + Obsoletes/Requires work correctly. + +------------------------------------------------------------------- +Wed Mar 26 16:06:15 CET 2008 - rhafer@suse.de + +- Enabled NTLM authentication plugin (bnc#343665), created new + subpackage cyrus-sasl-ntlm +- Replaced %run_ldconfig macro as suggested by rpmlint +- Replaced unversioned Obsoltes/Provides with versioned ones +- Removed unneeded Split-Provides + +------------------------------------------------------------------- +Fri Oct 26 16:40:22 CEST 2007 - rhafer@suse.de + +- Fixed some RPMLINT complaints +- re-enabled accidently disabled "kerberos5" authmech for saslauthd + (Bug #335754) + +------------------------------------------------------------------- +Tue Mar 20 10:13:29 CET 2007 - rhafer@suse.de + +- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to + set the number of threads that saslauthd should spawn + (Bug #199114) + +------------------------------------------------------------------- +Fri Oct 27 13:20:59 CEST 2006 - rhafer@suse.de + +- Use /etc/sasl2/ as directory for config files of services + %{_libdir} can still be used for backwards compatibilty + (Bug #206414) + +------------------------------------------------------------------- +Mon Sep 25 16:21:55 CEST 2006 - rhafer@suse.de + +- Remove unneeded automake/autoheader calls + +------------------------------------------------------------------- +Mon Sep 11 12:56:51 CEST 2006 - rhafer@suse.de + +- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce + BuildRequires of cyrus-sasl.spec +- Removed unneeded openldap2 from BuildRequires of + cyrus-sasl-saslauthd + +------------------------------------------------------------------- +Tue Aug 29 12:47:43 CEST 2006 - rhafer@suse.de + +- Enabled the ldapdb auxprop plugin and created new subpackage + cyrus-sasl-ldap-auxprop for it (Bug #201478) + +------------------------------------------------------------------- +Fri Aug 25 14:47:35 CEST 2006 - rhafer@suse.de + +- remove saslauthd man-page from cyrus-sasl package to solve + confict with -saslauthd subpackage (Bug #200490) + +------------------------------------------------------------------- +Fri Jun 2 11:33:04 CEST 2006 - rhafer@suse.de + +- updated to 2.1.22 + * new pluginviewer utility for reporting information about client + and server side authentication plugins and auxprop plugins + (e.g. supported features, methods, etc.). + * Added support for HTTP POST password validation in saslauthd +- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name + collision with other packages in src.rpm (Bug #98188) +- include "crypt.h" in auth_shadow.c to avoid possible crash in + saslauthd (Bug #179621) + +------------------------------------------------------------------- +Mon Apr 3 15:10:49 CEST 2006 - rhafer@suse.de + +- remove dlcompat-20010505 from tarball because of legal risk and + documented this in README.Source (Bug: #161390) +- added check for dlcompat-20010505 to the spec file + +------------------------------------------------------------------- +Wed Jan 25 21:30:05 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Nov 23 13:48:56 CET 2005 - choeger@suse.de + +- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database + +------------------------------------------------------------------- +Mon Sep 26 01:46:48 CEST 2005 - ro@suse.de + +- added LDAP_DEPRECATED to CFLAGS + +------------------------------------------------------------------- +Wed Jul 13 17:07:50 CEST 2005 - choeger@suse.de + +- use /dev/urandom instead of /dev/random, see + http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue + for an explanation +- removed the useless .la files from rpm + +------------------------------------------------------------------- +Tue May 17 18:42:14 CEST 2005 - choeger@suse.de + +- update to version 2.1.21 + +------------------------------------------------------------------- +Mon Mar 14 19:46:51 CET 2005 - choeger@suse.de + +- now also build the sql auxprop plugin; created new subpackage + cyrus-sasl-sqlauxprop + +------------------------------------------------------------------- +Fri Feb 25 17:24:12 CET 2005 - uli@suse.de + +- better GCC4 fix + +------------------------------------------------------------------- +Fri Feb 25 14:40:12 CET 2005 - uli@suse.de + +- fixed to build with GCC4 + +------------------------------------------------------------------- +Tue Nov 2 20:47:23 CET 2004 - mmj@suse.de + +- Get rid of .cvsignore files +- Don't remove buildroot before install + +------------------------------------------------------------------- +Mon Oct 25 11:47:36 CEST 2004 - choeger@suse.de + +- update to version 2.1.20 + +------------------------------------------------------------------- +Wed Oct 6 15:00:16 CEST 2004 - choeger@suse.de + +- Bugfix ID#46847 - VUL-0: SASL environment variable local root + +------------------------------------------------------------------- +Mon Sep 20 15:54:37 CEST 2004 - choeger@suse.de + +- package binaries of sample-client and -server instead of + shell wrappers (which do not work) + +------------------------------------------------------------------- +Fri Sep 17 11:20:28 CEST 2004 - choeger@suse.de + +- removed saslauthd from cyrus-sasl requires, as it is only + needed on a "server" side and also not in every case (buildin + mechanisms as CRAM- or DIGEST-MD5 do not need it) +- added split-provides for saslauthd + +------------------------------------------------------------------- +Mon Sep 6 13:37:56 CEST 2004 - choeger@suse.de + +- added testsaslauthd to filelist +- removed saslauthd and insserv makros from cyrus-sasl.spec + +------------------------------------------------------------------- +Fri Sep 3 13:14:02 CEST 2004 - choeger@suse.de + +- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic + dependency openldap2 <-> cyrus-sasl with saslauthd having + LDAP support + +------------------------------------------------------------------- +Tue Aug 31 11:55:28 CEST 2004 - choeger@suse.de + +- removed update messages and implemented "split-provides" + instead + +------------------------------------------------------------------- +Tue Aug 31 10:12:22 CEST 2004 - choeger@suse.de + +- added LDAP support for saslauthd, Bugzilla ID#44051 + +------------------------------------------------------------------- +Mon Aug 30 13:54:01 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#44346 - still using /var/adm/notify + now using new update messages mechanism +- added sample/client sample/server to file list + +------------------------------------------------------------------- +Thu Jul 15 13:50:15 CEST 2004 - choeger@suse.de + +- update to version 2.1.19 + +------------------------------------------------------------------- +Tue Jun 15 11:30:48 CEST 2004 - choeger@suse.de + +- bugfix id#39245 - cyrus-sasl includes straycat man page + +------------------------------------------------------------------- +Fri Mar 12 17:57:06 CET 2004 - choeger@suse.de + +- update to version 2.1.18 (Bugfix Release) + +------------------------------------------------------------------- +Tue Jan 27 15:39:57 CET 2004 - choeger@suse.de + +- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath + +------------------------------------------------------------------- +Thu Jan 22 12:28:34 CET 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#34019, notice users about the fact, that + cyrus-sasl has been splitted into subpackages + +------------------------------------------------------------------- +Fri Jan 16 13:08:08 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Tue Dec 2 10:11:37 CET 2003 - choeger@suse.de + +- update to version 2.1.17 + +------------------------------------------------------------------- +Fri Oct 31 16:59:33 CET 2003 - choeger@suse.de + +- Don't build as root + +------------------------------------------------------------------- +Fri Oct 17 22:23:19 CEST 2003 - kukuk@suse.de + +- Remove unused des from neededforbuild + +------------------------------------------------------------------- +Tue Sep 16 13:13:09 CEST 2003 - kukuk@suse.de + +- Add missing Provides [Bug #31005] + +------------------------------------------------------------------- +Mon Sep 1 13:26:43 CEST 2003 - choeger@suse.de + +- removed "-u root" from startproc as it always failes +- removed link to doc/components.html from doc/index.html as + components.html does not exist (Bugzilla ID#29253) + +------------------------------------------------------------------- +Thu Aug 14 18:48:47 CEST 2003 - choeger@suse.de + +- Bugfix Bugzilla ID#28932: + missing activation metadata in sysconfig template + +------------------------------------------------------------------- +Wed Jul 30 13:27:05 CEST 2003 - choeger@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Tue Jul 15 18:52:11 CEST 2003 - choeger@suse.de + +- update to version 2.1.15 + +------------------------------------------------------------------- +Mon Jun 30 18:04:22 CEST 2003 - choeger@suse.de + +- update to version 2.1.14 + +------------------------------------------------------------------- +Wed Jun 18 12:03:48 CEST 2003 - ro@suse.de + +- use kerberos-devel-packages in neededforbuild + +------------------------------------------------------------------- +Fri Jun 13 10:25:14 CEST 2003 - kukuk@suse.de + +- Add missing directory to filelist + +------------------------------------------------------------------- +Fri May 9 09:54:05 CEST 2003 - choeger@suse.de + +- use -ldb instead of -ldb-x.y to manually link the + dbconverter + +------------------------------------------------------------------- +Tue May 6 14:37:14 CEST 2003 - choeger@suse.de + +- update to version 2.1.13 + +------------------------------------------------------------------- +Tue Apr 15 08:50:41 CEST 2003 - ro@suse.de + +- added krb4-lib,krb4-devel to neededforbuild + +------------------------------------------------------------------- +Mon Apr 7 14:56:11 CEST 2003 - choeger@suse.de + +- renamed to cyrus-sasl +- splitted libraries for the following auth methods into seperate + packages: + - crammd5 + - digestmd5 + - otp + - plain + this is to prevent from annoying warnings about missing proper + setup of mechanisms we don't use + +------------------------------------------------------------------- +Thu Mar 6 18:19:30 CET 2003 - choeger@suse.de + +- ever used dbconverter-2? Well it is just a shell script + which uses the damn compiled source tree... :-( + manually building dbconverter to let users convert their + /etc/sasldb from v1 to v2 using /usr/sbin/dbconverter + +------------------------------------------------------------------- +Thu Mar 6 17:34:18 CET 2003 - choeger@suse.de + +- as cyrus-sasl is dropped now: + provide cyrus-sasl-*, obsolete cyrus-sasl-* + (Bugzilla ID# 24762) + +------------------------------------------------------------------- +Tue Feb 4 10:48:37 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.12, bug-fix release. + This release addresses a few minor build and distribution + related issues + +------------------------------------------------------------------- +Mon Feb 3 10:54:48 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.11, bug-fix release. + It addresses a number of issues in the build system, a + memory leak in the doors IPC method for saslauthd, and fixes the NTLM + server side support to only require one of the LM or NT methods. + +------------------------------------------------------------------- +Thu Jan 23 11:03:56 CET 2003 - choeger@suse.de + +- don't use new libtool macros as cyrus-sasl2 seems to not + work when using them. +- added patch to compile shared libraries on ppc + +------------------------------------------------------------------- +Wed Jan 15 09:21:28 CET 2003 - kukuk@suse.de + +- Remove openldap2 from needed for build + +------------------------------------------------------------------- +Tue Jan 14 11:18:35 CET 2003 - choeger@suse.de + +- do not build the static library anymore + +------------------------------------------------------------------- +Wed Dec 11 13:15:29 CET 2002 - choeger@suse.de + +- added sysconfig metadata to sysconfig templates + +------------------------------------------------------------------- +Tue Dec 10 09:46:44 CET 2002 - choeger@suse.de + +- update to version 2.1.10 + This version corrects a number of DIGEST-MD5 + interoperability issues, as well as corrects some potential buffer + overflows. + +------------------------------------------------------------------- +Thu Oct 31 00:23:42 CET 2002 - ro@suse.de + +- make it build again + +------------------------------------------------------------------- +Tue Oct 29 15:13:35 CET 2002 - ro@suse.de + +- remove own libtool macros + +------------------------------------------------------------------- +Thu Oct 24 10:42:11 CEST 2002 - choeger@suse.de + +- update to latest version 2.1.9 + +------------------------------------------------------------------- +Thu Sep 12 14:52:42 CEST 2002 - choeger@suse.de + +- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict + with cyrus-sasl2-devel, because they contain files with the + same name + +------------------------------------------------------------------- +Mon Aug 19 18:48:02 CEST 2002 - rhafer@suse.de + +- enabled building of the static libsasl.a. It is needed for + cyrus-imap to be usable with nss_ldap (which is linked against + cyrus-sasl1) + +------------------------------------------------------------------- +Mon Aug 12 11:04:01 CEST 2002 - choeger@suse.de + +- update to version 2.1.7 + +------------------------------------------------------------------- +Thu Aug 8 10:31:06 CEST 2002 - choeger@suse.de + +- added .la files to the sasl2 plugin directory + ([lt_]dlopen seems to need that) + +------------------------------------------------------------------- +Mon Aug 5 17:07:37 CEST 2002 - choeger@suse.de + +- added Prereq + +------------------------------------------------------------------- +Sat Jul 27 18:09:53 CEST 2002 - adrian@suse.de + +- add %run_ldconfig + +------------------------------------------------------------------- +Wed Jul 17 10:08:45 CEST 2002 - choeger@suse.de + +- update to version 2.1.6 + +------------------------------------------------------------------- +Wed Jun 19 18:25:16 CEST 2002 - choeger@suse.de + +- also install dbconverter-2 to be able to migrate from + cyrus-sasl(1) + +------------------------------------------------------------------- +Tue Jun 18 16:21:06 CEST 2002 - choeger@suse.de + +- /var/run/sasl2 must be 755 to let non root daemons + connect to unix socket + +------------------------------------------------------------------- +Tue Jun 18 16:09:08 CEST 2002 - choeger@suse.de + +- added initscript and sysconfig file for saslauthd +- added docs + +------------------------------------------------------------------- +Tue Jun 18 12:34:35 CEST 2002 - rhafer@suse.de + +- added opie to needforbuild +- should build on ppc64 and s390x now + +------------------------------------------------------------------- +Mon Jun 17 20:37:14 CEST 2002 - rhafer@suse.de + +- additional autoconf related patches, that were missing at first + check in + +------------------------------------------------------------------- +Mon Jun 17 18:12:24 CEST 2002 - rhafer@suse.de + +- Initial checkin of cyrus-sasl-2.1.5 + diff --git a/cyrus-sasl-bdb.spec b/cyrus-sasl-bdb.spec new file mode 100644 index 0000000..4c99b6b --- /dev/null +++ b/cyrus-sasl-bdb.spec @@ -0,0 +1,257 @@ +# +# spec file for package cyrus-sasl-bdb +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +Name: cyrus-sasl-bdb +%define lname libsasl2-3 +Version: 2.1.28 +Release: 0 +URL: https://github.com/cyrusimap/cyrus-sasl +Summary: Implementation of Cyrus SASL API +License: BSD-4-Clause +Group: Productivity/Networking/Other +Source: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-%{version}/cyrus-sasl-%{version}.tar.gz +Source1: cyrus-sasl-rc.tar.bz2 +Source2: README.Source +Source3: baselibs.conf +Patch0: cyrus-sasl.dif +Patch5: cyrus-sasl-no_rpath.patch +Patch6: cyrus-sasl-lfs.patch +Patch7: fix_libpq-fe_include.diff +Patch8: 0001-Fix-time.h-check.patch +BuildRoot: %{_tmppath}/%{name}-%{version}-build +Requires: libsasl2-3 +BuildRequires: db-devel +BuildRequires: krb5-mini-devel +BuildRequires: libsasl2-3 +BuildRequires: libtool +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: pkg-config +%ifarch ppc64 +# bug437293 +Obsoletes: cyrus-sasl-64bit +%endif +Conflicts: cyrus-sasl + +%description +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%package gssapi +Summary: Plugin for the GSSAPI SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-gssapi + +%description gssapi +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package crammd5 +Summary: Plugin for the CRAMMD5 SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-crammd5 + +%description crammd5 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package digestmd5 +Summary: Plugin for the DIGESTMD5 SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-digestmd5 + +%description digestmd5 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package otp +Summary: Plugin for the OTP SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-otp + +%description otp +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package plain +Summary: Plugin for the PLAIN SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-plain + +%description plain +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package ntlm +Summary: Plugin for the NTLM SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-ntlm + +%description ntlm +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%package gs2 +Summary: Plugin for the GS2 SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-gs2 + +%description gs2 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package scram +Summary: Plugin for the SCRAM SASL mechanism +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-scram + +%description scram +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 5802 for more +information. + +%package devel +# bug437293 +%ifarch ppc64 +Obsoletes: cyrus-sasl-devel-64bit +%endif +# +Summary: Cyrus SASL API Implementation, Libraries and Header Files +Group: Development/Libraries/C and C++ +Requires: %lname = %version +Requires: glibc-devel +Conflicts: cyrus-sasl-devel + +%description devel +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%prep +%setup -q -n cyrus-sasl-%{version} -a 1 +if [ -e %{_builddir}/cyrus-sasl-%{version}/dlcompat-*/ ] +then + echo "dlcompat contains potential legal risks." + rm -rf %{_builddir}/cyrus-sasl-%{version}/dlcompat-* +fi +%patch -P 0 +%patch -P 5 -p1 +%patch -P 6 -p1 +%patch -P 7 -p1 +%patch -P 8 -p1 + +%build +find . -name "*.cvsignore" -exec rm -fv "{}" "+" +autoreconf -f +export CFLAGS="%optflags -fno-strict-aliasing" +%configure --with-pic \ + --with-plugindir=%{_libdir}/sasl2 \ + --with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \ + --with-saslauthd=/run/sasl2/ \ + --enable-pam \ + --enable-sample \ + --enable-login \ + --enable-gssapi \ + --enable-ntlm \ + --enable-krb4=no \ + --enable-sql=no \ + --with-devrandom=/dev/urandom +%{__make} %{?_smp_mflags} sasldir=%{_libdir}/sasl2 + +%install +make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install +mkdir -p $RPM_BUILD_ROOT/usr/bin +mkdir -p $RPM_BUILD_ROOT/etc/sasl2 +install -m 755 sample/.libs/client $RPM_BUILD_ROOT/usr/bin/cyrus_sasl_sample_client +install -m 755 sample/.libs/server $RPM_BUILD_ROOT/usr/bin/cyrus_sasl_sample_server +find doc -type f -exec chmod 0644 {} \; +rm -f doc/Makefile* +rm -f $RPM_BUILD_ROOT/%{_mandir}/cat?/* +rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/saslauthd* +rm -f $RPM_BUILD_ROOT/%{_mandir}/man8/testsaslauthd* +rm -f $RPM_BUILD_ROOT/usr/sbin/saslauthd +rm -f $RPM_BUILD_ROOT/usr/sbin/testsaslauthd +rm -r $RPM_BUILD_ROOT%{_libdir}/libsasl2.so.3* +find "%buildroot" -type f -name "*.la" -print -delete + +%files +%license COPYING +%dir %{_libdir}/sasl2 +%{_libdir}/sasl2/libanonymous.so* +%{_libdir}/sasl2/liblogin.so* +%{_libdir}/sasl2/libsasldb.so* +%dir /etc/sasl2/ +/usr/sbin/* +/usr/bin/* +%doc %{_mandir}/man3/sasl.*.gz +%doc %{_mandir}/man8/*.gz + +%files gssapi +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libgssapiv2.so* + +%files crammd5 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libcrammd5.so* + +%files digestmd5 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libdigestmd5.so* + +%files otp +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libotp.so* + +%files plain +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libplain.so* + +%files ntlm +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libntlm.so* + +%files gs2 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libgs2.so* + +%files scram +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libscram.so* + +%files devel +%license COPYING +%doc AUTHORS ChangeLog README doc +%_includedir/sasl/ +%doc %{_mandir}/man3/sasl_*.gz +%{_libdir}/libsasl2.so +%{_libdir}/pkgconfig/* + +%changelog diff --git a/cyrus-sasl-lfs.patch b/cyrus-sasl-lfs.patch new file mode 100644 index 0000000..0ced6b3 --- /dev/null +++ b/cyrus-sasl-lfs.patch @@ -0,0 +1,13 @@ +--- cyrus-sasl-2.1.27.orig/configure.ac 2018-10-09 16:58:04.000000000 +0200 ++++ cyrus-sasl-2.1.27/configure.ac 2018-11-17 13:05:26.475631124 +0100 +@@ -95,7 +95,9 @@ + enable_obsolete_digest_attr=$enableval, + enable_obsolete_digest_attr=yes) + +-AC_PROG_CC ++AC_PROG_CC_STDC ++AC_USE_SYSTEM_EXTENSIONS ++AC_SYS_LARGEFILE + AX_PROG_CC_FOR_BUILD + AC_PROG_CPP + AC_PROG_AWK diff --git a/cyrus-sasl-make-digestmd5-work-ssl3.patch b/cyrus-sasl-make-digestmd5-work-ssl3.patch new file mode 100644 index 0000000..62f448a --- /dev/null +++ b/cyrus-sasl-make-digestmd5-work-ssl3.patch @@ -0,0 +1,544 @@ +Index: cyrus-sasl-2.1.28/plugins/digestmd5.c +=================================================================== +--- cyrus-sasl-2.1.28.orig/plugins/digestmd5.c ++++ cyrus-sasl-2.1.28/plugins/digestmd5.c +@@ -80,6 +80,12 @@ + # endif + #endif /* WITH_DES */ + ++/* legacy provider with openssl 3.0 */ ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++# include ++# include ++#endif ++ + #ifdef WIN32 + # include + #else /* Unix */ +@@ -170,6 +176,12 @@ enum Context_type { SERVER = 0, CLIENT = + + typedef struct cipher_context cipher_context_t; + ++typedef struct crypto_context { ++ void *libctx; ++ cipher_context_t *enc_ctx; ++ cipher_context_t *dec_ctx; ++} crypto_context_t; ++ + /* cached auth info used for fast reauth */ + typedef struct reauth_entry { + char *authid; +@@ -254,12 +266,12 @@ typedef struct context { + decode_context_t decode_context; + + /* if privacy mode is used use these functions for encode and decode */ ++ char *cipher_name; + cipher_function_t *cipher_enc; + cipher_function_t *cipher_dec; + cipher_init_t *cipher_init; + cipher_free_t *cipher_free; +- struct cipher_context *cipher_enc_context; +- struct cipher_context *cipher_dec_context; ++ crypto_context_t crypto; + } context_t; + + struct digest_cipher { +@@ -888,7 +900,7 @@ static int dec_3des(context_t *text, + char *output, + unsigned *outputlen) + { +- des_context_t *c = (des_context_t *) text->cipher_dec_context; ++ des_context_t *c = (des_context_t *) text->crypto.dec_ctx; + int padding, p; + + des_ede2_cbc_encrypt((void *) input, +@@ -925,7 +937,7 @@ static int enc_3des(context_t *text, + char *output, + unsigned *outputlen) + { +- des_context_t *c = (des_context_t *) text->cipher_enc_context; ++ des_context_t *c = (des_context_t *) text->crypto.enc_ctx; + int len; + int paddinglen; + +@@ -973,7 +985,7 @@ static int init_3des(context_t *text, + return SASL_FAIL; + memcpy(c->ivec, ((char *) enckey) + 8, 8); + +- text->cipher_enc_context = (cipher_context_t *) c; ++ text->crypto.enc_ctx = (cipher_context_t *) c; + + /* setup dec context */ + c++; +@@ -987,7 +999,7 @@ static int init_3des(context_t *text, + + memcpy(c->ivec, ((char *) deckey) + 8, 8); + +- text->cipher_dec_context = (cipher_context_t *) c; ++ text->crypto.dec_ctx = (cipher_context_t *) c; + + return SASL_OK; + } +@@ -1006,7 +1018,7 @@ static int dec_des(context_t *text, + char *output, + unsigned *outputlen) + { +- des_context_t *c = (des_context_t *) text->cipher_dec_context; ++ des_context_t *c = (des_context_t *) text->crypto.dec_ctx; + int p, padding = 0; + + des_cbc_encrypt((void *) input, +@@ -1046,7 +1058,7 @@ static int enc_des(context_t *text, + char *output, + unsigned *outputlen) + { +- des_context_t *c = (des_context_t *) text->cipher_enc_context; ++ des_context_t *c = (des_context_t *) text->crypto.enc_ctx; + int len; + int paddinglen; + +@@ -1093,7 +1105,7 @@ static int init_des(context_t *text, + + memcpy(c->ivec, ((char *) enckey) + 8, 8); + +- text->cipher_enc_context = (cipher_context_t *) c; ++ text->crypto.enc_ctx = (cipher_context_t *) c; + + /* setup dec context */ + c++; +@@ -1102,60 +1114,139 @@ static int init_des(context_t *text, + + memcpy(c->ivec, ((char *) deckey) + 8, 8); + +- text->cipher_dec_context = (cipher_context_t *) c; ++ text->crypto.dec_ctx = (cipher_context_t *) c; + + return SASL_OK; + } + + static void free_des(context_t *text) + { +- /* free des contextss. only cipher_enc_context needs to be free'd, +- since cipher_dec_context was allocated at the same time. */ +- if (text->cipher_enc_context) text->utils->free(text->cipher_enc_context); ++ /* free des contextss. only enc_ctx needs to be free'd, ++ since dec_cxt was allocated at the same time. */ ++ if (text->crypto.enc_ctx) { ++ text->utils->free(text->crypto.enc_ctx); ++ } + } + + #endif /* WITH_DES */ + + #ifdef WITH_RC4 +-#ifdef HAVE_OPENSSL + #include + ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++typedef struct ossl3_library_context { ++ OSSL_LIB_CTX *libctx; ++ OSSL_PROVIDER *legacy_provider; ++ OSSL_PROVIDER *default_provider; ++} ossl3_context_t; ++ ++static int init_ossl3_ctx(context_t *text) ++{ ++ ossl3_context_t *ctx = text->utils->malloc(sizeof(ossl3_context_t)); ++ if (!ctx) return SASL_NOMEM; ++ ++ ctx->libctx = OSSL_LIB_CTX_new(); ++ if (!ctx->libctx) { ++ text->utils->free(ctx); ++ return SASL_FAIL; ++ } ++ ++ /* Load both legacy and default provider as both may be needed */ ++ /* if they fail keep going and an error will be raised when we try to ++ * fetch the cipher later */ ++ ctx->legacy_provider = OSSL_PROVIDER_load(ctx->libctx, "legacy"); ++ ctx->default_provider = OSSL_PROVIDER_load(ctx->libctx, "default"); ++ text->crypto.libctx = (void *)ctx; ++ ++ return SASL_OK; ++} ++ ++static void free_ossl3_ctx(context_t *text) ++{ ++ ossl3_context_t *ctx; ++ ++ if (!text->crypto.libctx) return; ++ ++ ctx = (ossl3_context_t *)text->crypto.libctx; ++ ++ if (ctx->legacy_provider) OSSL_PROVIDER_unload(ctx->legacy_provider); ++ if (ctx->default_provider) OSSL_PROVIDER_unload(ctx->default_provider); ++ if (ctx->libctx) OSSL_LIB_CTX_free(ctx->libctx); ++ ++ text->utils->free(ctx); ++ text->crypto.libctx = NULL; ++} ++#endif ++ + static void free_rc4(context_t *text) + { +- if (text->cipher_enc_context) { +- EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_enc_context); +- text->cipher_enc_context = NULL; +- } +- if (text->cipher_dec_context) { +- EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->cipher_dec_context); +- text->cipher_dec_context = NULL; ++ if (text->crypto.enc_ctx) { ++ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->crypto.enc_ctx); ++ text->crypto.enc_ctx = NULL; ++ } ++ if (text->crypto.dec_ctx) { ++ EVP_CIPHER_CTX_free((EVP_CIPHER_CTX *)text->crypto.dec_ctx); ++ text->crypto.dec_ctx = NULL; + } ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++ free_ossl3_ctx(text); ++#endif + } + + static int init_rc4(context_t *text, + unsigned char enckey[16], + unsigned char deckey[16]) + { ++ const EVP_CIPHER *cipher; + EVP_CIPHER_CTX *ctx; + int rc; + +- ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) return SASL_NOMEM; ++#if OPENSSL_VERSION_NUMBER >= 0x30000000L ++ ossl3_context_t *ossl3_ctx; + +- rc = EVP_EncryptInit_ex(ctx, EVP_rc4(), NULL, enckey, NULL); +- if (rc != 1) return SASL_FAIL; ++ rc = init_ossl3_ctx(text); ++ if (rc != SASL_OK) return rc; ++ ++ ossl3_ctx = (ossl3_context_t *)text->crypto.libctx; ++ cipher = EVP_CIPHER_fetch(ossl3_ctx->libctx, "RC4", ""); ++#else ++ cipher = EVP_rc4(); ++#endif + +- text->cipher_enc_context = (void *)ctx; + + ctx = EVP_CIPHER_CTX_new(); +- if (ctx == NULL) return SASL_NOMEM; ++ if (ctx == NULL) { ++ rc = SASL_NOMEM; ++ goto done; ++ } + +- rc = EVP_DecryptInit_ex(ctx, EVP_rc4(), NULL, deckey, NULL); +- if (rc != 1) return SASL_FAIL; ++ rc = EVP_EncryptInit_ex(ctx, cipher, NULL, enckey, NULL); ++ if (rc != 1) { ++ rc = SASL_FAIL; ++ goto done; ++ } ++ text->crypto.enc_ctx = (void *)ctx; ++ ++ ctx = EVP_CIPHER_CTX_new(); ++ if (ctx == NULL) { ++ rc = SASL_NOMEM; ++ goto done; ++ } ++ ++ rc = EVP_DecryptInit_ex(ctx, cipher, NULL, deckey, NULL); ++ if (rc != 1) { ++ rc = SASL_FAIL; ++ goto done; ++ } ++ text->crypto.dec_ctx = (void *)ctx; + +- text->cipher_dec_context = (void *)ctx; ++ rc = SASL_OK; + +- return SASL_OK; ++done: ++ if (rc != SASL_OK) { ++ free_rc4(text); ++ } ++ return rc; + } + + static int dec_rc4(context_t *text, +@@ -1169,14 +1260,14 @@ static int dec_rc4(context_t *text, + int rc; + + /* decrypt the text part & HMAC */ +- rc = EVP_DecryptUpdate((EVP_CIPHER_CTX *)text->cipher_dec_context, ++ rc = EVP_DecryptUpdate((EVP_CIPHER_CTX *)text->crypto.dec_ctx, + (unsigned char *)output, &len, + (const unsigned char *)input, inputlen); + if (rc != 1) return SASL_FAIL; + + *outputlen = len; + +- rc = EVP_DecryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_dec_context, ++ rc = EVP_DecryptFinal_ex((EVP_CIPHER_CTX *)text->crypto.dec_ctx, + (unsigned char *)output + len, &len); + if (rc != 1) return SASL_FAIL; + +@@ -1198,7 +1289,7 @@ static int enc_rc4(context_t *text, + int len; + int rc; + /* encrypt the text part */ +- rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context, ++ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->crypto.enc_ctx, + (unsigned char *)output, &len, + (const unsigned char *)input, inputlen); + if (rc != 1) return SASL_FAIL; +@@ -1206,14 +1297,14 @@ static int enc_rc4(context_t *text, + *outputlen = len; + + /* encrypt the `MAC part */ +- rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->cipher_enc_context, ++ rc = EVP_EncryptUpdate((EVP_CIPHER_CTX *)text->crypto.enc_ctx, + (unsigned char *)output + *outputlen, &len, + digest, 10); + if (rc != 1) return SASL_FAIL; + + *outputlen += len; + +- rc = EVP_EncryptFinal_ex((EVP_CIPHER_CTX *)text->cipher_enc_context, ++ rc = EVP_EncryptFinal_ex((EVP_CIPHER_CTX *)text->crypto.enc_ctx, + (unsigned char *)output + *outputlen, &len); + if (rc != 1) return SASL_FAIL; + +@@ -1221,187 +1312,6 @@ static int enc_rc4(context_t *text, + + return SASL_OK; + } +-#else +-/* quick generic implementation of RC4 */ +-struct rc4_context_s { +- unsigned char sbox[256]; +- int i, j; +-}; +- +-typedef struct rc4_context_s rc4_context_t; +- +-static void rc4_init(rc4_context_t *text, +- const unsigned char *key, +- unsigned keylen) +-{ +- int i, j; +- +- /* fill in linearly s0=0 s1=1... */ +- for (i=0;i<256;i++) +- text->sbox[i]=i; +- +- j=0; +- for (i = 0; i < 256; i++) { +- unsigned char tmp; +- /* j = (j + Si + Ki) mod 256 */ +- j = (j + text->sbox[i] + key[i % keylen]) % 256; +- +- /* swap Si and Sj */ +- tmp = text->sbox[i]; +- text->sbox[i] = text->sbox[j]; +- text->sbox[j] = tmp; +- } +- +- /* counters initialized to 0 */ +- text->i = 0; +- text->j = 0; +-} +- +-static void rc4_encrypt(rc4_context_t *text, +- const char *input, +- char *output, +- unsigned len) +-{ +- int tmp; +- int i = text->i; +- int j = text->j; +- int t; +- int K; +- const char *input_end = input + len; +- +- while (input < input_end) { +- i = (i + 1) % 256; +- +- j = (j + text->sbox[i]) % 256; +- +- /* swap Si and Sj */ +- tmp = text->sbox[i]; +- text->sbox[i] = text->sbox[j]; +- text->sbox[j] = tmp; +- +- t = (text->sbox[i] + text->sbox[j]) % 256; +- +- K = text->sbox[t]; +- +- /* byte K is Xor'ed with plaintext */ +- *output++ = *input++ ^ K; +- } +- +- text->i = i; +- text->j = j; +-} +- +-static void rc4_decrypt(rc4_context_t *text, +- const char *input, +- char *output, +- unsigned len) +-{ +- int tmp; +- int i = text->i; +- int j = text->j; +- int t; +- int K; +- const char *input_end = input + len; +- +- while (input < input_end) { +- i = (i + 1) % 256; +- +- j = (j + text->sbox[i]) % 256; +- +- /* swap Si and Sj */ +- tmp = text->sbox[i]; +- text->sbox[i] = text->sbox[j]; +- text->sbox[j] = tmp; +- +- t = (text->sbox[i] + text->sbox[j]) % 256; +- +- K = text->sbox[t]; +- +- /* byte K is Xor'ed with plaintext */ +- *output++ = *input++ ^ K; +- } +- +- text->i = i; +- text->j = j; +-} +- +-static void free_rc4(context_t *text) +-{ +- /* free rc4 context structures */ +- +- if (text->cipher_enc_context) { +- text->utils->free(text->cipher_enc_context); +- text->cipher_enc_context = NULL; +- } +- if (text->cipher_dec_context) { +- text->utils->free(text->cipher_dec_context); +- text->cipher_dec_context = NULL; +- } +-} +- +-static int init_rc4(context_t *text, +- unsigned char enckey[16], +- unsigned char deckey[16]) +-{ +- /* allocate rc4 context structures */ +- text->cipher_enc_context= +- (cipher_context_t *) text->utils->malloc(sizeof(rc4_context_t)); +- if (text->cipher_enc_context == NULL) return SASL_NOMEM; +- +- text->cipher_dec_context= +- (cipher_context_t *) text->utils->malloc(sizeof(rc4_context_t)); +- if (text->cipher_dec_context == NULL) return SASL_NOMEM; +- +- /* initialize them */ +- rc4_init((rc4_context_t *) text->cipher_enc_context, +- (const unsigned char *) enckey, 16); +- rc4_init((rc4_context_t *) text->cipher_dec_context, +- (const unsigned char *) deckey, 16); +- +- return SASL_OK; +-} +- +-static int dec_rc4(context_t *text, +- const char *input, +- unsigned inputlen, +- unsigned char digest[16] __attribute__((unused)), +- char *output, +- unsigned *outputlen) +-{ +- /* decrypt the text part & HMAC */ +- rc4_decrypt((rc4_context_t *) text->cipher_dec_context, +- input, output, inputlen); +- +- /* no padding so we just subtract the HMAC to get the text length */ +- *outputlen = inputlen - 10; +- +- return SASL_OK; +-} +- +-static int enc_rc4(context_t *text, +- const char *input, +- unsigned inputlen, +- unsigned char digest[16], +- char *output, +- unsigned *outputlen) +-{ +- /* pad is zero */ +- *outputlen = inputlen+10; +- +- /* encrypt the text part */ +- rc4_encrypt((rc4_context_t *) text->cipher_enc_context, +- input, +- output, +- inputlen); +- +- /* encrypt the HMAC part */ +- rc4_encrypt((rc4_context_t *) text->cipher_enc_context, +- (const char *) digest, +- (output)+inputlen, 10); +- +- return SASL_OK; +-} +-#endif /* HAVE_OPENSSL */ + #endif /* WITH_RC4 */ + + struct digest_cipher available_ciphers[] = +@@ -2821,6 +2731,7 @@ static int digestmd5_server_mech_step2(s + } + + if (cptr->name) { ++ text->cipher_name = cptr->name; + text->cipher_enc = cptr->cipher_enc; + text->cipher_dec = cptr->cipher_dec; + text->cipher_init = cptr->cipher_init; +@@ -2964,7 +2875,10 @@ static int digestmd5_server_mech_step2(s + if (text->cipher_init) { + if (text->cipher_init(text, enckey, deckey) != SASL_OK) { + sparams->utils->seterror(sparams->utils->conn, 0, +- "couldn't init cipher"); ++ "couldn't init cipher '%s'", ++ text->cipher_name); ++ result = SASL_FAIL; ++ goto FreeAllMem; + } + } + } +@@ -3515,6 +3429,7 @@ static int make_client_response(context_ + oparams->mech_ssf = ctext->cipher->ssf; + + nbits = ctext->cipher->n; ++ text->cipher_name = ctext->cipher->name; + text->cipher_enc = ctext->cipher->cipher_enc; + text->cipher_dec = ctext->cipher->cipher_dec; + text->cipher_free = ctext->cipher->cipher_free; +@@ -3739,7 +3654,13 @@ static int make_client_response(context_ + + /* initialize cipher if need be */ + if (text->cipher_init) { +- text->cipher_init(text, enckey, deckey); ++ if (text->cipher_init(text, enckey, deckey) != SASL_OK) { ++ params->utils->seterror(params->utils->conn, 0, ++ "internal error: failed to init cipher '%s'", ++ text->cipher_name); ++ result = SASL_FAIL; ++ goto FreeAllocatedMem; ++ } + } + } + diff --git a/cyrus-sasl-no_rpath.patch b/cyrus-sasl-no_rpath.patch new file mode 100644 index 0000000..03f0a46 --- /dev/null +++ b/cyrus-sasl-no_rpath.patch @@ -0,0 +1,21 @@ +Index: cyrus-sasl-2.1.26/m4/cyrus.m4 +=================================================================== +--- cyrus-sasl-2.1.26.orig/m4/cyrus.m4 ++++ cyrus-sasl-2.1.26/m4/cyrus.m4 +@@ -32,14 +32,5 @@ AC_DEFUN([CMU_ADD_LIBPATH_TO], [ + dnl runpath initialization + AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ + # CMU GUESS RUNPATH SWITCH +- AC_CACHE_CHECK(for runpath switch, andrew_cv_runpath_switch, [ +- # first, try -R +- SAVE_LDFLAGS="${LDFLAGS}" +- LDFLAGS="-R /usr/lib" +- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ +-# LDFLAGS="-Wl,-rpath,/usr/lib" +- AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], +- [andrew_cv_runpath_switch="none"]) +- ]) +- LDFLAGS="${SAVE_LDFLAGS}" +- ])]) ++ andrew_cv_runpath_switch="none" ++]) diff --git a/cyrus-sasl-rc.tar.bz2 b/cyrus-sasl-rc.tar.bz2 new file mode 100644 index 0000000..0022a87 --- /dev/null +++ b/cyrus-sasl-rc.tar.bz2 @@ -0,0 +1,3 @@ +version https://git-lfs.github.com/spec/v1 +oid sha256:c0998126ac77044b4a4e1d7154e5431e10e7bd34f871f10e48138f4e01f8149c +size 2294 diff --git a/cyrus-sasl-saslauthd-bdb.changes b/cyrus-sasl-saslauthd-bdb.changes new file mode 100644 index 0000000..051ab5c --- /dev/null +++ b/cyrus-sasl-saslauthd-bdb.changes @@ -0,0 +1,884 @@ +------------------------------------------------------------------- +Tue May 7 08:26:51 UTC 2024 - Peter Varkoly + +- GCC 14: cyrus-sasl package fails (bsc#1221863) + Apply upstream patch: + 0001-Fix-time.h-check.patch + +------------------------------------------------------------------- +Mon Feb 26 10:50:23 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Mon Nov 6 09:03:23 UTC 2023 - Dominique Leuenberger + +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + +------------------------------------------------------------------- +Thu May 4 11:21:19 UTC 2023 - Dominique Leuenberger + +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Mon Jan 23 20:35:54 UTC 2023 - Dirk Müller + +- drop optional opie dependency + +------------------------------------------------------------------- +Wed Dec 7 11:15:12 UTC 2022 - Dominique Leuenberger + +- Do not set directories inside doc/ mode 644; otherwise the + directories are set 644 as well, which means no files inside are + accessible. This resulted in the past in doc/ actually not being + added to the devel package. + +------------------------------------------------------------------- +Wed Mar 9 08:39:23 UTC 2022 - Dirk Müller + +- update to 2.1.28 (bsc#1196036, CVE-2022-24407): + * https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 +- drop cyrus-sasl-bug587.patch (upstream) + +------------------------------------------------------------------- +Mon Jan 31 10:03:15 UTC 2022 - Dirk Müller + +- cyrus-sasl: prevent fail of %pre when berkely db utils are + not installed (seems like we want to use this only for upgrade + so no Prereq added) +- move license to licensedir +- remove use of RPM_BUILD_ROOT +- minimal spec cleanups +- avoid bashisms + +------------------------------------------------------------------- +Thu Jan 13 14:58:15 UTC 2022 - Peter Varkoly + +- postfix: sasl authentication with password fails (bsc#1194265) + Add config parameter --with-dblib=gdbm +- Avoid converting of /etc/sasldb2 by every update. Convert + /etc/sasldb2 only if it is a Berkeley DB + +------------------------------------------------------------------- +Thu Feb 25 18:03:26 UTC 2021 - Peter Varkoly + +- Fix build: Do not build libsasl2-3 in the bdb package. This will + not be linked to berkely db. libsasl2-3 is now defined as + %BuildRequires and %Requires + +------------------------------------------------------------------- +Fri Jan 8 11:32:42 UTC 2021 - Peter Varkoly + +- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root + due to insecure tmp file usage. (bsc#1180669) + Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary + files. + +------------------------------------------------------------------- +Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The packages cyrus-sasl and cyrus-sasl-saslauthd are built + without Berkely DB support. gdbm will be used instead of BDB. + The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built + with Berkely DB support. +- Update to 2.1.27 + * Added support for OpenSSL 1.1 + * Added support for lmdb + * Lots of build fixes + * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech + * DIGEST-MD5 plugin: + Fixed memory leaks + Fixed a segfault when looking for non-existent reauth cache + Prevent client from going from step 3 back to step 2 + Allow cmusaslsecretDIGEST-MD5 property to be disabled + * GSSAPI plugin: + Added support for retrieving negotiated SSF + Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF + Properly compute maxbufsize AFTER security layers have been set + * SCRAM plugin: + Added support for SCRAM-SHA-256 + * LOGIN plugin: + Don’t prompt client for password until requested by server + * NTLM plugin: + Fixed crash due to uninitialized HMAC context +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h + +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero + +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + +------------------------------------------------------------------- +Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder + +- added backport-patch cyrus-sasl-bug587.patch which fixes + off-by-one error in _sasl_add_string function + (see CVE-2019-19906 bsc#1159635) + +------------------------------------------------------------------- +Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly + +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com + +- OpenSSL 1.1 support (bsc#1055463) + * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora + +------------------------------------------------------------------- +Wed Mar 22 09:56:37 UTC 2017 - michael@stroeder.com + +- added cyrus-sasl-issue-402.patch to fix + SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 + (see https://github.com/cyrusimap/cyrus-sasl/issues/402) + +------------------------------------------------------------------- +Tue Mar 7 11:31:23 UTC 2017 - varkoly@suse.com + +- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5 + +------------------------------------------------------------------- +Wed Dec 9 20:15:40 UTC 2015 - bwiedemann@suse.com + +- really use SASLAUTHD_PARAMS variable (bnc#938657) + +------------------------------------------------------------------- +Tue Jan 6 19:02:33 UTC 2015 - varkoly@suse.com + +- bnc#908883 cyrus-sasl-scram refers to wrong RFC + +------------------------------------------------------------------- +Thu Nov 27 09:08:36 UTC 2014 - jengelh@inai.de + +- Make sure /usr/sbin/rcsaslauthd exists + +------------------------------------------------------------------- +Tue Sep 23 13:57:46 UTC 2014 - varkoly@suse.com + +- bnc#897837 saslauthd package has no config + +------------------------------------------------------------------- +Tue Jul 29 23:31:35 UTC 2014 - sfalken@opensuse.org + +- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure + +------------------------------------------------------------------- +Sat Jul 19 12:54:50 UTC 2014 - p.drouand@gmail.com + +- Remove insserv dependency; it's unneeded with systemd' systems +- Remove insserv and fillup dependency in cyrus-sasl package; there + is neither sysconfig or init file + +------------------------------------------------------------------- +Fri Jun 13 11:03:45 UTC 2014 - ckornacker@suse.com + +- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 + cyrus-sasl-revert_gssapi_flags.patch (bnc#775279) + +------------------------------------------------------------------- +Tue Apr 1 10:32:37 UTC 2014 - varkoly@suse.com + +- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always' + +------------------------------------------------------------------- +Sat Nov 2 20:47:58 UTC 2013 - jengelh@inai.de + +- Implement shlib packaging guidelines: make subpackage libsasl2-3. + (All other .so files are _server_ plugins AFAICS, loaded via + dlopen.) +- Ensure directories are owned by packages and thus get torn down + on package removal + +------------------------------------------------------------------- +Sat Oct 5 19:10:55 UTC 2013 - tchvatal@suse.com + +- Put back the .so files to sasl auth packages from devel file. + The .so files are read by some application instead of full path + so in order for auth to work this files must be available + +------------------------------------------------------------------- +Sun Sep 29 08:11:05 UTC 2013 - tittiatcoke@gmail.com + +- Add patch fix-sasl-header.diff to resolve build issues that + are failing due to typedef 'sasl_malloc_t' is initialized. + (see gentoo#458870, fedora#906519) + +------------------------------------------------------------------- +Wed Sep 11 07:16:23 UTC 2013 - jcnengel@gmail.com + +- Removed server side service to comply with Factory rules + +------------------------------------------------------------------- +Tue Sep 3 22:07:15 UTC 2013 - jcnengel@gmail.com + +- Update to 2.1.26 + * Modernize SASL malloc/realloc callback prototypes + * Added sasl_config_done() to plug a memory leak when using an application specific config file + * Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590). + * unlock the mutex in sasl_dispose if the context was freed by another thread + * MINGW32 compatibility patches + * Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0 + * Fixed some memory leaks in libsasl + - GSSAPI plugin: + + Fixed a segfault in gssapi.c introduced in 2.1.25. + + Code refactoring + + Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable + - GS2 plugin: + + Updated GS2 plugin not to lose minor GSS-API status codes on errors + - DIGEST-MD5 plugin: + + Correctly send "stale" directive to prevent clients from (re)promtping for password + + Better handling of HTTP reauthentication cases + + fixed some memory leaks + - SASLDB plugin: + + Added support for BerkleyDB 5.X or later + - OTP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - SRP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - saslauthd: + + auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes + + auth_rimap.c: read the whole IMAP greeting + + better error reporting from some drivers + + fixed some memory leaks +- New BuildRequires for pkgconfig since pkgconfig file is generated +- Removed patches that do no longer apply + * cyrus-sasl-gcc4.patch (integrated upstream) + * cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream) + * gssapi-null-deref.dif (integrated upstream) + * Fix-abort_if_no_fqdn-behavior.patch (integrated upstream) + * cyrus-sasl-db6.diff (integrated upstream) +- Move *.so files into devel package + +------------------------------------------------------------------- +Fri Jul 26 13:09:51 UTC 2013 - obs@botter.cc + +- Fix for bnc#827230 and #784705, fix patch as described in + #827230, typo in patch from request 112480 (remove rpath, + Apr 4 2012), preventing sql auxprop plugin to work + +------------------------------------------------------------------- +Fri Jun 14 00:41:55 UTC 2013 - jengelh@inai.de + +- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5 +- Simpler delete of .la files with find + +------------------------------------------------------------------- +Mon Aug 13 07:55:11 UTC 2012 - rhafer@suse.de + +- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0, + a getaddrinfo failure should be ignored, as long as gethostname() + succeeded. (bnc#771983) + +------------------------------------------------------------------- +Wed May 9 21:47:48 UTC 2012 - crrodriguez@opensuse.org + +- Ensure libraries and tools are built with LFS and include + config.h in all C files. + +------------------------------------------------------------------- +Wed Apr 4 14:13:36 UTC 2012 - dvaleev@suse.com + +- remove rpath + +------------------------------------------------------------------- +Wed Jan 18 13:06:00 UTC 2012 - aj@suse.de + +- Move some doc files to devel package and to cyrus-sasl-saslauthd. + +------------------------------------------------------------------- +Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de + +- Removed debug printfs from cyrus-sasl.dif, added by accident +- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with + latest upstream improvements + +------------------------------------------------------------------- +Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de + +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually + +------------------------------------------------------------------- +Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon Jun 7 06:15:02 UTC 2010 - coolo@novell.com + +- add dependency to avoid broken parallel make + +------------------------------------------------------------------- +Mon May 10 12:53:14 UTC 2010 - rhafer@novell.com + +- Fixed attributes of /var/run/sasl2 in filelist + +------------------------------------------------------------------- +Wed Apr 28 09:24:11 UTC 2010 - rhafer@novell.com + +- Removed the /var/run/sasl2 directory from cyrus-sasl.spec. + It will now be created on demand by the saslauthd init script. +- Adjusted init script headers to silence rpmlint warning/errors. + +------------------------------------------------------------------- +Mon Dec 14 17:15:20 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Nov 23 10:57:47 UTC 2009 - rhafer@novell.com + +- Fixed linker arguments for ldap- and sql-auxprop plugins + (bnc#555568) + +------------------------------------------------------------------- +Mon Jul 20 16:20:35 CEST 2009 - coolo@novell.com + +- build against krb5-mini to avoid build cycle + +------------------------------------------------------------------- +Fri May 15 14:23:03 CEST 2009 - rhafer@novell.com + +- Update to 2.1.23, the only change is a fix for a potential buffer + overflow in sasl_encode64() (bnc#499104, CVE-2009-0688) +- Imported some automake/libtool fixes from upstream cvs + +------------------------------------------------------------------- +Mon Mar 2 21:28:09 CET 2009 - crrodriguez@suse.de + +- fix build with GCC 4.4 +- remove all "la" files + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Aug 18 10:32:31 CEST 2008 - rhafer@suse.de + +- Fixed init-scripts Required-Stop Tags + +------------------------------------------------------------------- +Tue Jul 29 15:15:25 CEST 2008 - rhafer@suse.de + +- Enhance sysconfig file and init script to allow to pass arbitrary + parameters to saslauthd (bnc#397808) +- Fixed description of the SASLAUTHD_THREADS sysconfig option. + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Mar 28 09:45:45 CET 2008 - rhafer@suse.de + +- Moved "Version:" up to the top to make versioned + Obsoletes/Requires work correctly. + +------------------------------------------------------------------- +Wed Mar 26 16:06:15 CET 2008 - rhafer@suse.de + +- Enabled NTLM authentication plugin (bnc#343665), created new + subpackage cyrus-sasl-ntlm +- Replaced %run_ldconfig macro as suggested by rpmlint +- Replaced unversioned Obsoltes/Provides with versioned ones +- Removed unneeded Split-Provides + +------------------------------------------------------------------- +Fri Oct 26 16:40:22 CEST 2007 - rhafer@suse.de + +- Fixed some RPMLINT complaints +- re-enabled accidently disabled "kerberos5" authmech for saslauthd + (Bug #335754) + +------------------------------------------------------------------- +Tue Mar 20 10:13:29 CET 2007 - rhafer@suse.de + +- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to + set the number of threads that saslauthd should spawn + (Bug #199114) + +------------------------------------------------------------------- +Fri Oct 27 13:20:59 CEST 2006 - rhafer@suse.de + +- Use /etc/sasl2/ as directory for config files of services + %{_libdir} can still be used for backwards compatibilty + (Bug #206414) + +------------------------------------------------------------------- +Mon Sep 25 16:21:55 CEST 2006 - rhafer@suse.de + +- Remove unneeded automake/autoheader calls + +------------------------------------------------------------------- +Mon Sep 11 12:56:51 CEST 2006 - rhafer@suse.de + +- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce + BuildRequires of cyrus-sasl.spec +- Removed unneeded openldap2 from BuildRequires of + cyrus-sasl-saslauthd + +------------------------------------------------------------------- +Tue Aug 29 12:47:43 CEST 2006 - rhafer@suse.de + +- Enabled the ldapdb auxprop plugin and created new subpackage + cyrus-sasl-ldap-auxprop for it (Bug #201478) + +------------------------------------------------------------------- +Fri Aug 25 14:47:35 CEST 2006 - rhafer@suse.de + +- remove saslauthd man-page from cyrus-sasl package to solve + confict with -saslauthd subpackage (Bug #200490) + +------------------------------------------------------------------- +Fri Jun 2 11:33:04 CEST 2006 - rhafer@suse.de + +- updated to 2.1.22 + * new pluginviewer utility for reporting information about client + and server side authentication plugins and auxprop plugins + (e.g. supported features, methods, etc.). + * Added support for HTTP POST password validation in saslauthd +- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name + collision with other packages in src.rpm (Bug #98188) +- include "crypt.h" in auth_shadow.c to avoid possible crash in + saslauthd (Bug #179621) + +------------------------------------------------------------------- +Mon Apr 3 15:10:49 CEST 2006 - rhafer@suse.de + +- remove dlcompat-20010505 from tarball because of legal risk and + documented this in README.Source (Bug: #161390) +- added check for dlcompat-20010505 to the spec file + +------------------------------------------------------------------- +Wed Jan 25 21:30:05 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Nov 23 13:48:56 CET 2005 - choeger@suse.de + +- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database + +------------------------------------------------------------------- +Mon Sep 26 01:46:48 CEST 2005 - ro@suse.de + +- added LDAP_DEPRECATED to CFLAGS + +------------------------------------------------------------------- +Wed Jul 13 17:07:50 CEST 2005 - choeger@suse.de + +- use /dev/urandom instead of /dev/random, see + http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue + for an explanation +- removed the useless .la files from rpm + +------------------------------------------------------------------- +Tue May 17 18:42:14 CEST 2005 - choeger@suse.de + +- update to version 2.1.21 + +------------------------------------------------------------------- +Mon Mar 14 19:46:51 CET 2005 - choeger@suse.de + +- now also build the sql auxprop plugin; created new subpackage + cyrus-sasl-sqlauxprop + +------------------------------------------------------------------- +Fri Feb 25 17:24:12 CET 2005 - uli@suse.de + +- better GCC4 fix + +------------------------------------------------------------------- +Fri Feb 25 14:40:12 CET 2005 - uli@suse.de + +- fixed to build with GCC4 + +------------------------------------------------------------------- +Tue Nov 2 20:47:23 CET 2004 - mmj@suse.de + +- Get rid of .cvsignore files +- Don't remove buildroot before install + +------------------------------------------------------------------- +Mon Oct 25 11:47:36 CEST 2004 - choeger@suse.de + +- update to version 2.1.20 + +------------------------------------------------------------------- +Wed Oct 6 15:00:16 CEST 2004 - choeger@suse.de + +- Bugfix ID#46847 - VUL-0: SASL environment variable local root + +------------------------------------------------------------------- +Mon Sep 20 15:54:37 CEST 2004 - choeger@suse.de + +- package binaries of sample-client and -server instead of + shell wrappers (which do not work) + +------------------------------------------------------------------- +Fri Sep 17 11:20:28 CEST 2004 - choeger@suse.de + +- removed saslauthd from cyrus-sasl requires, as it is only + needed on a "server" side and also not in every case (buildin + mechanisms as CRAM- or DIGEST-MD5 do not need it) +- added split-provides for saslauthd + +------------------------------------------------------------------- +Mon Sep 6 13:37:56 CEST 2004 - choeger@suse.de + +- added testsaslauthd to filelist +- removed saslauthd and insserv makros from cyrus-sasl.spec + +------------------------------------------------------------------- +Fri Sep 3 13:14:02 CEST 2004 - choeger@suse.de + +- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic + dependency openldap2 <-> cyrus-sasl with saslauthd having + LDAP support + +------------------------------------------------------------------- +Tue Aug 31 11:55:28 CEST 2004 - choeger@suse.de + +- removed update messages and implemented "split-provides" + instead + +------------------------------------------------------------------- +Tue Aug 31 10:12:22 CEST 2004 - choeger@suse.de + +- added LDAP support for saslauthd, Bugzilla ID#44051 + +------------------------------------------------------------------- +Mon Aug 30 13:54:01 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#44346 - still using /var/adm/notify + now using new update messages mechanism +- added sample/client sample/server to file list + +------------------------------------------------------------------- +Thu Jul 15 13:50:15 CEST 2004 - choeger@suse.de + +- update to version 2.1.19 + +------------------------------------------------------------------- +Tue Jun 15 11:30:48 CEST 2004 - choeger@suse.de + +- bugfix id#39245 - cyrus-sasl includes straycat man page + +------------------------------------------------------------------- +Fri Mar 12 17:57:06 CET 2004 - choeger@suse.de + +- update to version 2.1.18 (Bugfix Release) + +------------------------------------------------------------------- +Tue Jan 27 15:39:57 CET 2004 - choeger@suse.de + +- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath + +------------------------------------------------------------------- +Thu Jan 22 12:28:34 CET 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#34019, notice users about the fact, that + cyrus-sasl has been splitted into subpackages + +------------------------------------------------------------------- +Fri Jan 16 13:08:08 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Tue Dec 2 10:11:37 CET 2003 - choeger@suse.de + +- update to version 2.1.17 + +------------------------------------------------------------------- +Fri Oct 31 16:59:33 CET 2003 - choeger@suse.de + +- Don't build as root + +------------------------------------------------------------------- +Fri Oct 17 22:23:19 CEST 2003 - kukuk@suse.de + +- Remove unused des from neededforbuild + +------------------------------------------------------------------- +Tue Sep 16 13:13:09 CEST 2003 - kukuk@suse.de + +- Add missing Provides [Bug #31005] + +------------------------------------------------------------------- +Mon Sep 1 13:26:43 CEST 2003 - choeger@suse.de + +- removed "-u root" from startproc as it always failes +- removed link to doc/components.html from doc/index.html as + components.html does not exist (Bugzilla ID#29253) + +------------------------------------------------------------------- +Thu Aug 14 18:48:47 CEST 2003 - choeger@suse.de + +- Bugfix Bugzilla ID#28932: + missing activation metadata in sysconfig template + +------------------------------------------------------------------- +Wed Jul 30 13:27:05 CEST 2003 - choeger@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Tue Jul 15 18:52:11 CEST 2003 - choeger@suse.de + +- update to version 2.1.15 + +------------------------------------------------------------------- +Mon Jun 30 18:04:22 CEST 2003 - choeger@suse.de + +- update to version 2.1.14 + +------------------------------------------------------------------- +Wed Jun 18 12:03:48 CEST 2003 - ro@suse.de + +- use kerberos-devel-packages in neededforbuild + +------------------------------------------------------------------- +Fri Jun 13 10:25:14 CEST 2003 - kukuk@suse.de + +- Add missing directory to filelist + +------------------------------------------------------------------- +Fri May 9 09:54:05 CEST 2003 - choeger@suse.de + +- use -ldb instead of -ldb-x.y to manually link the + dbconverter + +------------------------------------------------------------------- +Tue May 6 14:37:14 CEST 2003 - choeger@suse.de + +- update to version 2.1.13 + +------------------------------------------------------------------- +Tue Apr 15 08:50:41 CEST 2003 - ro@suse.de + +- added krb4-lib,krb4-devel to neededforbuild + +------------------------------------------------------------------- +Mon Apr 7 14:56:11 CEST 2003 - choeger@suse.de + +- renamed to cyrus-sasl +- splitted libraries for the following auth methods into seperate + packages: + - crammd5 + - digestmd5 + - otp + - plain + this is to prevent from annoying warnings about missing proper + setup of mechanisms we don't use + +------------------------------------------------------------------- +Thu Mar 6 18:19:30 CET 2003 - choeger@suse.de + +- ever used dbconverter-2? Well it is just a shell script + which uses the damn compiled source tree... :-( + manually building dbconverter to let users convert their + /etc/sasldb from v1 to v2 using /usr/sbin/dbconverter + +------------------------------------------------------------------- +Thu Mar 6 17:34:18 CET 2003 - choeger@suse.de + +- as cyrus-sasl is dropped now: + provide cyrus-sasl-*, obsolete cyrus-sasl-* + (Bugzilla ID# 24762) + +------------------------------------------------------------------- +Tue Feb 4 10:48:37 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.12, bug-fix release. + This release addresses a few minor build and distribution + related issues + +------------------------------------------------------------------- +Mon Feb 3 10:54:48 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.11, bug-fix release. + It addresses a number of issues in the build system, a + memory leak in the doors IPC method for saslauthd, and fixes the NTLM + server side support to only require one of the LM or NT methods. + +------------------------------------------------------------------- +Thu Jan 23 11:03:56 CET 2003 - choeger@suse.de + +- don't use new libtool macros as cyrus-sasl2 seems to not + work when using them. +- added patch to compile shared libraries on ppc + +------------------------------------------------------------------- +Wed Jan 15 09:21:28 CET 2003 - kukuk@suse.de + +- Remove openldap2 from needed for build + +------------------------------------------------------------------- +Tue Jan 14 11:18:35 CET 2003 - choeger@suse.de + +- do not build the static library anymore + +------------------------------------------------------------------- +Wed Dec 11 13:15:29 CET 2002 - choeger@suse.de + +- added sysconfig metadata to sysconfig templates + +------------------------------------------------------------------- +Tue Dec 10 09:46:44 CET 2002 - choeger@suse.de + +- update to version 2.1.10 + This version corrects a number of DIGEST-MD5 + interoperability issues, as well as corrects some potential buffer + overflows. + +------------------------------------------------------------------- +Thu Oct 31 00:23:42 CET 2002 - ro@suse.de + +- make it build again + +------------------------------------------------------------------- +Tue Oct 29 15:13:35 CET 2002 - ro@suse.de + +- remove own libtool macros + +------------------------------------------------------------------- +Thu Oct 24 10:42:11 CEST 2002 - choeger@suse.de + +- update to latest version 2.1.9 + +------------------------------------------------------------------- +Thu Sep 12 14:52:42 CEST 2002 - choeger@suse.de + +- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict + with cyrus-sasl2-devel, because they contain files with the + same name + +------------------------------------------------------------------- +Mon Aug 19 18:48:02 CEST 2002 - rhafer@suse.de + +- enabled building of the static libsasl.a. It is needed for + cyrus-imap to be usable with nss_ldap (which is linked against + cyrus-sasl1) + +------------------------------------------------------------------- +Mon Aug 12 11:04:01 CEST 2002 - choeger@suse.de + +- update to version 2.1.7 + +------------------------------------------------------------------- +Thu Aug 8 10:31:06 CEST 2002 - choeger@suse.de + +- added .la files to the sasl2 plugin directory + ([lt_]dlopen seems to need that) + +------------------------------------------------------------------- +Mon Aug 5 17:07:37 CEST 2002 - choeger@suse.de + +- added Prereq + +------------------------------------------------------------------- +Sat Jul 27 18:09:53 CEST 2002 - adrian@suse.de + +- add %run_ldconfig + +------------------------------------------------------------------- +Wed Jul 17 10:08:45 CEST 2002 - choeger@suse.de + +- update to version 2.1.6 + +------------------------------------------------------------------- +Wed Jun 19 18:25:16 CEST 2002 - choeger@suse.de + +- also install dbconverter-2 to be able to migrate from + cyrus-sasl(1) + +------------------------------------------------------------------- +Tue Jun 18 16:21:06 CEST 2002 - choeger@suse.de + +- /var/run/sasl2 must be 755 to let non root daemons + connect to unix socket + +------------------------------------------------------------------- +Tue Jun 18 16:09:08 CEST 2002 - choeger@suse.de + +- added initscript and sysconfig file for saslauthd +- added docs + +------------------------------------------------------------------- +Tue Jun 18 12:34:35 CEST 2002 - rhafer@suse.de + +- added opie to needforbuild +- should build on ppc64 and s390x now + +------------------------------------------------------------------- +Mon Jun 17 20:37:14 CEST 2002 - rhafer@suse.de + +- additional autoconf related patches, that were missing at first + check in + +------------------------------------------------------------------- +Mon Jun 17 18:12:24 CEST 2002 - rhafer@suse.de + +- Initial checkin of cyrus-sasl-2.1.5 + diff --git a/cyrus-sasl-saslauthd-bdb.spec b/cyrus-sasl-saslauthd-bdb.spec new file mode 100644 index 0000000..1872fb4 --- /dev/null +++ b/cyrus-sasl-saslauthd-bdb.spec @@ -0,0 +1,171 @@ +# +# spec file for package cyrus-sasl-saslauthd-bdb +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + +Name: cyrus-sasl-saslauthd-bdb +Version: 2.1.28 +Release: 0 +Summary: The SASL Authentication Server +License: BSD-4-Clause +Group: Productivity/Networking/Other +URL: https://github.com/cyrusimap/cyrus-sasl +Source: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-%{version}/cyrus-sasl-%{version}.tar.gz +Source1: cyrus-sasl-rc.tar.bz2 +Source2: README.Source +Source3: baselibs.conf +Source4: saslauthd.service +Patch0: cyrus-sasl.dif +Patch5: cyrus-sasl-no_rpath.patch +Patch6: cyrus-sasl-lfs.patch +Patch7: fix_libpq-fe_include.diff +Patch8: 0001-Fix-time.h-check.patch +PreReq: %fillup_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: db-devel +BuildRequires: krb5-devel +BuildRequires: libtool +BuildRequires: mysql-devel +BuildRequires: openldap2-devel +BuildRequires: pam-devel +BuildRequires: postgresql-devel +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +Conflicts: cyrus-sasl-saslauthd + +%description +This daemon is required when using cyrus-sasl in server software that +should authenticate with PAM, for example. + +%package -n cyrus-sasl-ldap-auxprop-bdb +Summary: The cyrus-sasl LDAP auxprop plugin +Group: Productivity/Networking/Other +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-ldap-auxprop + +%description -n cyrus-sasl-ldap-auxprop-bdb +The LDAP auxprop plugin allows for tighter application/directory +integration. + +%package -n cyrus-sasl-sqlauxprop-bdb +Summary: SQL auxprop plugin for cyrus-sasl +Group: Development/Libraries/C and C++ +Requires: cyrus-sasl-bdb = %{version} +Conflicts: cyrus-sasl-sqlauxprop + +%description -n cyrus-sasl-sqlauxprop-bdb +The SQL auxprop plugin supports PostgreSQL and MySQL + +%prep +%setup -n cyrus-sasl-%{version} -a 1 +%patch -P 0 +%patch -P 5 -p1 +%patch -P 6 -p1 +%patch -P 7 -p1 +%patch -P 8 -p1 + +%build +find . -name "*.cvsignore" -exec rm -fv "{}" "+" +autoreconf -f +export CFLAGS="-fno-strict-aliasing $RPM_OPT_FLAGS -DLDAP_DEPRECATED" +%configure --with-plugindir=%{_libdir}/sasl2 \ + --with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \ + --with-saslauthd=/run/sasl2/ \ + --enable-checkapop=no \ + --enable-cram=no \ + --enable-digest=no \ + --enable-otp=no \ + --enable-srp=no \ + --enable-plain=no \ + --enable-anon=no \ + --enable-ntlm=no \ + --enable-passdss=no \ + --enable-sample=no \ + --enable-login=no \ + --enable-gssapi=yes \ + --enable-gs2=no \ + --enable-scram=no \ + --enable-krb4=no \ + --enable-sql \ + --with-mysql=/usr/include/mysql \ + --with-pgsql=/usr/include/pgsql \ + --enable-ldapdb=yes \ + --with-pam \ + --with-ldap +make sasldir=%{_libdir}/sasl2 %{?_smp_mflags} + +%install +cd plugins +make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install +cd .. +cd saslauthd +make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install +ln -s service "%buildroot/%_sbindir/rcsaslauthd" +install -m 755 -d $RPM_BUILD_ROOT/run/sasl2 +mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 +install -m 644 saslauthd.mdoc $RPM_BUILD_ROOT/%{_mandir}/man8/saslauthd.8 +mkdir -p $RPM_BUILD_ROOT/usr/bin +install -m 755 testsaslauthd $RPM_BUILD_ROOT/usr/bin/testsaslauthd +cd - +mkdir -p $RPM_BUILD_ROOT/sbin +install -D -m 644 SuSE/sysconfig.saslauthd $RPM_BUILD_ROOT%{_fillupdir}/sysconfig.saslauthd +rm -f $RPM_BUILD_ROOT/%{_mandir}/cat?/* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libsasldb* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libldapdb.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libsql.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libgs2.* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libgssapiv2.* + +mkdir -p $RPM_BUILD_ROOT/%{_unitdir} +install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir} + +%pre +%service_add_pre saslauthd.service + +%preun +%service_del_preun saslauthd.service + +%postun +%service_del_postun saslauthd.service + +%post +%{fillup_only -n saslauthd} +%service_add_post saslauthd.service + +%files +%license saslauthd/COPYING +%{_fillupdir}/sysconfig.saslauthd +%{_unitdir}/saslauthd.service +%dir %attr(0755, root, root) %ghost /run/sasl2 +/usr/sbin/* +/usr/bin/* +%doc %{_mandir}/man8/*.gz +%doc saslauthd/ChangeLog saslauthd/LDAP_SASLAUTHD + +%files -n cyrus-sasl-sqlauxprop-bdb +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libsql.so* + +%files -n cyrus-sasl-ldap-auxprop-bdb +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libldapdb.so* + +%changelog diff --git a/cyrus-sasl-saslauthd.changes b/cyrus-sasl-saslauthd.changes new file mode 100644 index 0000000..051ab5c --- /dev/null +++ b/cyrus-sasl-saslauthd.changes @@ -0,0 +1,884 @@ +------------------------------------------------------------------- +Tue May 7 08:26:51 UTC 2024 - Peter Varkoly + +- GCC 14: cyrus-sasl package fails (bsc#1221863) + Apply upstream patch: + 0001-Fix-time.h-check.patch + +------------------------------------------------------------------- +Mon Feb 26 10:50:23 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Mon Nov 6 09:03:23 UTC 2023 - Dominique Leuenberger + +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + +------------------------------------------------------------------- +Thu May 4 11:21:19 UTC 2023 - Dominique Leuenberger + +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Mon Jan 23 20:35:54 UTC 2023 - Dirk Müller + +- drop optional opie dependency + +------------------------------------------------------------------- +Wed Dec 7 11:15:12 UTC 2022 - Dominique Leuenberger + +- Do not set directories inside doc/ mode 644; otherwise the + directories are set 644 as well, which means no files inside are + accessible. This resulted in the past in doc/ actually not being + added to the devel package. + +------------------------------------------------------------------- +Wed Mar 9 08:39:23 UTC 2022 - Dirk Müller + +- update to 2.1.28 (bsc#1196036, CVE-2022-24407): + * https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 +- drop cyrus-sasl-bug587.patch (upstream) + +------------------------------------------------------------------- +Mon Jan 31 10:03:15 UTC 2022 - Dirk Müller + +- cyrus-sasl: prevent fail of %pre when berkely db utils are + not installed (seems like we want to use this only for upgrade + so no Prereq added) +- move license to licensedir +- remove use of RPM_BUILD_ROOT +- minimal spec cleanups +- avoid bashisms + +------------------------------------------------------------------- +Thu Jan 13 14:58:15 UTC 2022 - Peter Varkoly + +- postfix: sasl authentication with password fails (bsc#1194265) + Add config parameter --with-dblib=gdbm +- Avoid converting of /etc/sasldb2 by every update. Convert + /etc/sasldb2 only if it is a Berkeley DB + +------------------------------------------------------------------- +Thu Feb 25 18:03:26 UTC 2021 - Peter Varkoly + +- Fix build: Do not build libsasl2-3 in the bdb package. This will + not be linked to berkely db. libsasl2-3 is now defined as + %BuildRequires and %Requires + +------------------------------------------------------------------- +Fri Jan 8 11:32:42 UTC 2021 - Peter Varkoly + +- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root + due to insecure tmp file usage. (bsc#1180669) + Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary + files. + +------------------------------------------------------------------- +Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The packages cyrus-sasl and cyrus-sasl-saslauthd are built + without Berkely DB support. gdbm will be used instead of BDB. + The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built + with Berkely DB support. +- Update to 2.1.27 + * Added support for OpenSSL 1.1 + * Added support for lmdb + * Lots of build fixes + * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech + * DIGEST-MD5 plugin: + Fixed memory leaks + Fixed a segfault when looking for non-existent reauth cache + Prevent client from going from step 3 back to step 2 + Allow cmusaslsecretDIGEST-MD5 property to be disabled + * GSSAPI plugin: + Added support for retrieving negotiated SSF + Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF + Properly compute maxbufsize AFTER security layers have been set + * SCRAM plugin: + Added support for SCRAM-SHA-256 + * LOGIN plugin: + Don’t prompt client for password until requested by server + * NTLM plugin: + Fixed crash due to uninitialized HMAC context +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h + +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero + +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + +------------------------------------------------------------------- +Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder + +- added backport-patch cyrus-sasl-bug587.patch which fixes + off-by-one error in _sasl_add_string function + (see CVE-2019-19906 bsc#1159635) + +------------------------------------------------------------------- +Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly + +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com + +- OpenSSL 1.1 support (bsc#1055463) + * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora + +------------------------------------------------------------------- +Wed Mar 22 09:56:37 UTC 2017 - michael@stroeder.com + +- added cyrus-sasl-issue-402.patch to fix + SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 + (see https://github.com/cyrusimap/cyrus-sasl/issues/402) + +------------------------------------------------------------------- +Tue Mar 7 11:31:23 UTC 2017 - varkoly@suse.com + +- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5 + +------------------------------------------------------------------- +Wed Dec 9 20:15:40 UTC 2015 - bwiedemann@suse.com + +- really use SASLAUTHD_PARAMS variable (bnc#938657) + +------------------------------------------------------------------- +Tue Jan 6 19:02:33 UTC 2015 - varkoly@suse.com + +- bnc#908883 cyrus-sasl-scram refers to wrong RFC + +------------------------------------------------------------------- +Thu Nov 27 09:08:36 UTC 2014 - jengelh@inai.de + +- Make sure /usr/sbin/rcsaslauthd exists + +------------------------------------------------------------------- +Tue Sep 23 13:57:46 UTC 2014 - varkoly@suse.com + +- bnc#897837 saslauthd package has no config + +------------------------------------------------------------------- +Tue Jul 29 23:31:35 UTC 2014 - sfalken@opensuse.org + +- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure + +------------------------------------------------------------------- +Sat Jul 19 12:54:50 UTC 2014 - p.drouand@gmail.com + +- Remove insserv dependency; it's unneeded with systemd' systems +- Remove insserv and fillup dependency in cyrus-sasl package; there + is neither sysconfig or init file + +------------------------------------------------------------------- +Fri Jun 13 11:03:45 UTC 2014 - ckornacker@suse.com + +- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 + cyrus-sasl-revert_gssapi_flags.patch (bnc#775279) + +------------------------------------------------------------------- +Tue Apr 1 10:32:37 UTC 2014 - varkoly@suse.com + +- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always' + +------------------------------------------------------------------- +Sat Nov 2 20:47:58 UTC 2013 - jengelh@inai.de + +- Implement shlib packaging guidelines: make subpackage libsasl2-3. + (All other .so files are _server_ plugins AFAICS, loaded via + dlopen.) +- Ensure directories are owned by packages and thus get torn down + on package removal + +------------------------------------------------------------------- +Sat Oct 5 19:10:55 UTC 2013 - tchvatal@suse.com + +- Put back the .so files to sasl auth packages from devel file. + The .so files are read by some application instead of full path + so in order for auth to work this files must be available + +------------------------------------------------------------------- +Sun Sep 29 08:11:05 UTC 2013 - tittiatcoke@gmail.com + +- Add patch fix-sasl-header.diff to resolve build issues that + are failing due to typedef 'sasl_malloc_t' is initialized. + (see gentoo#458870, fedora#906519) + +------------------------------------------------------------------- +Wed Sep 11 07:16:23 UTC 2013 - jcnengel@gmail.com + +- Removed server side service to comply with Factory rules + +------------------------------------------------------------------- +Tue Sep 3 22:07:15 UTC 2013 - jcnengel@gmail.com + +- Update to 2.1.26 + * Modernize SASL malloc/realloc callback prototypes + * Added sasl_config_done() to plug a memory leak when using an application specific config file + * Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590). + * unlock the mutex in sasl_dispose if the context was freed by another thread + * MINGW32 compatibility patches + * Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0 + * Fixed some memory leaks in libsasl + - GSSAPI plugin: + + Fixed a segfault in gssapi.c introduced in 2.1.25. + + Code refactoring + + Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable + - GS2 plugin: + + Updated GS2 plugin not to lose minor GSS-API status codes on errors + - DIGEST-MD5 plugin: + + Correctly send "stale" directive to prevent clients from (re)promtping for password + + Better handling of HTTP reauthentication cases + + fixed some memory leaks + - SASLDB plugin: + + Added support for BerkleyDB 5.X or later + - OTP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - SRP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - saslauthd: + + auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes + + auth_rimap.c: read the whole IMAP greeting + + better error reporting from some drivers + + fixed some memory leaks +- New BuildRequires for pkgconfig since pkgconfig file is generated +- Removed patches that do no longer apply + * cyrus-sasl-gcc4.patch (integrated upstream) + * cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream) + * gssapi-null-deref.dif (integrated upstream) + * Fix-abort_if_no_fqdn-behavior.patch (integrated upstream) + * cyrus-sasl-db6.diff (integrated upstream) +- Move *.so files into devel package + +------------------------------------------------------------------- +Fri Jul 26 13:09:51 UTC 2013 - obs@botter.cc + +- Fix for bnc#827230 and #784705, fix patch as described in + #827230, typo in patch from request 112480 (remove rpath, + Apr 4 2012), preventing sql auxprop plugin to work + +------------------------------------------------------------------- +Fri Jun 14 00:41:55 UTC 2013 - jengelh@inai.de + +- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5 +- Simpler delete of .la files with find + +------------------------------------------------------------------- +Mon Aug 13 07:55:11 UTC 2012 - rhafer@suse.de + +- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0, + a getaddrinfo failure should be ignored, as long as gethostname() + succeeded. (bnc#771983) + +------------------------------------------------------------------- +Wed May 9 21:47:48 UTC 2012 - crrodriguez@opensuse.org + +- Ensure libraries and tools are built with LFS and include + config.h in all C files. + +------------------------------------------------------------------- +Wed Apr 4 14:13:36 UTC 2012 - dvaleev@suse.com + +- remove rpath + +------------------------------------------------------------------- +Wed Jan 18 13:06:00 UTC 2012 - aj@suse.de + +- Move some doc files to devel package and to cyrus-sasl-saslauthd. + +------------------------------------------------------------------- +Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de + +- Removed debug printfs from cyrus-sasl.dif, added by accident +- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with + latest upstream improvements + +------------------------------------------------------------------- +Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de + +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually + +------------------------------------------------------------------- +Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon Jun 7 06:15:02 UTC 2010 - coolo@novell.com + +- add dependency to avoid broken parallel make + +------------------------------------------------------------------- +Mon May 10 12:53:14 UTC 2010 - rhafer@novell.com + +- Fixed attributes of /var/run/sasl2 in filelist + +------------------------------------------------------------------- +Wed Apr 28 09:24:11 UTC 2010 - rhafer@novell.com + +- Removed the /var/run/sasl2 directory from cyrus-sasl.spec. + It will now be created on demand by the saslauthd init script. +- Adjusted init script headers to silence rpmlint warning/errors. + +------------------------------------------------------------------- +Mon Dec 14 17:15:20 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Nov 23 10:57:47 UTC 2009 - rhafer@novell.com + +- Fixed linker arguments for ldap- and sql-auxprop plugins + (bnc#555568) + +------------------------------------------------------------------- +Mon Jul 20 16:20:35 CEST 2009 - coolo@novell.com + +- build against krb5-mini to avoid build cycle + +------------------------------------------------------------------- +Fri May 15 14:23:03 CEST 2009 - rhafer@novell.com + +- Update to 2.1.23, the only change is a fix for a potential buffer + overflow in sasl_encode64() (bnc#499104, CVE-2009-0688) +- Imported some automake/libtool fixes from upstream cvs + +------------------------------------------------------------------- +Mon Mar 2 21:28:09 CET 2009 - crrodriguez@suse.de + +- fix build with GCC 4.4 +- remove all "la" files + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Aug 18 10:32:31 CEST 2008 - rhafer@suse.de + +- Fixed init-scripts Required-Stop Tags + +------------------------------------------------------------------- +Tue Jul 29 15:15:25 CEST 2008 - rhafer@suse.de + +- Enhance sysconfig file and init script to allow to pass arbitrary + parameters to saslauthd (bnc#397808) +- Fixed description of the SASLAUTHD_THREADS sysconfig option. + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Mar 28 09:45:45 CET 2008 - rhafer@suse.de + +- Moved "Version:" up to the top to make versioned + Obsoletes/Requires work correctly. + +------------------------------------------------------------------- +Wed Mar 26 16:06:15 CET 2008 - rhafer@suse.de + +- Enabled NTLM authentication plugin (bnc#343665), created new + subpackage cyrus-sasl-ntlm +- Replaced %run_ldconfig macro as suggested by rpmlint +- Replaced unversioned Obsoltes/Provides with versioned ones +- Removed unneeded Split-Provides + +------------------------------------------------------------------- +Fri Oct 26 16:40:22 CEST 2007 - rhafer@suse.de + +- Fixed some RPMLINT complaints +- re-enabled accidently disabled "kerberos5" authmech for saslauthd + (Bug #335754) + +------------------------------------------------------------------- +Tue Mar 20 10:13:29 CET 2007 - rhafer@suse.de + +- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to + set the number of threads that saslauthd should spawn + (Bug #199114) + +------------------------------------------------------------------- +Fri Oct 27 13:20:59 CEST 2006 - rhafer@suse.de + +- Use /etc/sasl2/ as directory for config files of services + %{_libdir} can still be used for backwards compatibilty + (Bug #206414) + +------------------------------------------------------------------- +Mon Sep 25 16:21:55 CEST 2006 - rhafer@suse.de + +- Remove unneeded automake/autoheader calls + +------------------------------------------------------------------- +Mon Sep 11 12:56:51 CEST 2006 - rhafer@suse.de + +- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce + BuildRequires of cyrus-sasl.spec +- Removed unneeded openldap2 from BuildRequires of + cyrus-sasl-saslauthd + +------------------------------------------------------------------- +Tue Aug 29 12:47:43 CEST 2006 - rhafer@suse.de + +- Enabled the ldapdb auxprop plugin and created new subpackage + cyrus-sasl-ldap-auxprop for it (Bug #201478) + +------------------------------------------------------------------- +Fri Aug 25 14:47:35 CEST 2006 - rhafer@suse.de + +- remove saslauthd man-page from cyrus-sasl package to solve + confict with -saslauthd subpackage (Bug #200490) + +------------------------------------------------------------------- +Fri Jun 2 11:33:04 CEST 2006 - rhafer@suse.de + +- updated to 2.1.22 + * new pluginviewer utility for reporting information about client + and server side authentication plugins and auxprop plugins + (e.g. supported features, methods, etc.). + * Added support for HTTP POST password validation in saslauthd +- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name + collision with other packages in src.rpm (Bug #98188) +- include "crypt.h" in auth_shadow.c to avoid possible crash in + saslauthd (Bug #179621) + +------------------------------------------------------------------- +Mon Apr 3 15:10:49 CEST 2006 - rhafer@suse.de + +- remove dlcompat-20010505 from tarball because of legal risk and + documented this in README.Source (Bug: #161390) +- added check for dlcompat-20010505 to the spec file + +------------------------------------------------------------------- +Wed Jan 25 21:30:05 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Nov 23 13:48:56 CET 2005 - choeger@suse.de + +- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database + +------------------------------------------------------------------- +Mon Sep 26 01:46:48 CEST 2005 - ro@suse.de + +- added LDAP_DEPRECATED to CFLAGS + +------------------------------------------------------------------- +Wed Jul 13 17:07:50 CEST 2005 - choeger@suse.de + +- use /dev/urandom instead of /dev/random, see + http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue + for an explanation +- removed the useless .la files from rpm + +------------------------------------------------------------------- +Tue May 17 18:42:14 CEST 2005 - choeger@suse.de + +- update to version 2.1.21 + +------------------------------------------------------------------- +Mon Mar 14 19:46:51 CET 2005 - choeger@suse.de + +- now also build the sql auxprop plugin; created new subpackage + cyrus-sasl-sqlauxprop + +------------------------------------------------------------------- +Fri Feb 25 17:24:12 CET 2005 - uli@suse.de + +- better GCC4 fix + +------------------------------------------------------------------- +Fri Feb 25 14:40:12 CET 2005 - uli@suse.de + +- fixed to build with GCC4 + +------------------------------------------------------------------- +Tue Nov 2 20:47:23 CET 2004 - mmj@suse.de + +- Get rid of .cvsignore files +- Don't remove buildroot before install + +------------------------------------------------------------------- +Mon Oct 25 11:47:36 CEST 2004 - choeger@suse.de + +- update to version 2.1.20 + +------------------------------------------------------------------- +Wed Oct 6 15:00:16 CEST 2004 - choeger@suse.de + +- Bugfix ID#46847 - VUL-0: SASL environment variable local root + +------------------------------------------------------------------- +Mon Sep 20 15:54:37 CEST 2004 - choeger@suse.de + +- package binaries of sample-client and -server instead of + shell wrappers (which do not work) + +------------------------------------------------------------------- +Fri Sep 17 11:20:28 CEST 2004 - choeger@suse.de + +- removed saslauthd from cyrus-sasl requires, as it is only + needed on a "server" side and also not in every case (buildin + mechanisms as CRAM- or DIGEST-MD5 do not need it) +- added split-provides for saslauthd + +------------------------------------------------------------------- +Mon Sep 6 13:37:56 CEST 2004 - choeger@suse.de + +- added testsaslauthd to filelist +- removed saslauthd and insserv makros from cyrus-sasl.spec + +------------------------------------------------------------------- +Fri Sep 3 13:14:02 CEST 2004 - choeger@suse.de + +- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic + dependency openldap2 <-> cyrus-sasl with saslauthd having + LDAP support + +------------------------------------------------------------------- +Tue Aug 31 11:55:28 CEST 2004 - choeger@suse.de + +- removed update messages and implemented "split-provides" + instead + +------------------------------------------------------------------- +Tue Aug 31 10:12:22 CEST 2004 - choeger@suse.de + +- added LDAP support for saslauthd, Bugzilla ID#44051 + +------------------------------------------------------------------- +Mon Aug 30 13:54:01 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#44346 - still using /var/adm/notify + now using new update messages mechanism +- added sample/client sample/server to file list + +------------------------------------------------------------------- +Thu Jul 15 13:50:15 CEST 2004 - choeger@suse.de + +- update to version 2.1.19 + +------------------------------------------------------------------- +Tue Jun 15 11:30:48 CEST 2004 - choeger@suse.de + +- bugfix id#39245 - cyrus-sasl includes straycat man page + +------------------------------------------------------------------- +Fri Mar 12 17:57:06 CET 2004 - choeger@suse.de + +- update to version 2.1.18 (Bugfix Release) + +------------------------------------------------------------------- +Tue Jan 27 15:39:57 CET 2004 - choeger@suse.de + +- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath + +------------------------------------------------------------------- +Thu Jan 22 12:28:34 CET 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#34019, notice users about the fact, that + cyrus-sasl has been splitted into subpackages + +------------------------------------------------------------------- +Fri Jan 16 13:08:08 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Tue Dec 2 10:11:37 CET 2003 - choeger@suse.de + +- update to version 2.1.17 + +------------------------------------------------------------------- +Fri Oct 31 16:59:33 CET 2003 - choeger@suse.de + +- Don't build as root + +------------------------------------------------------------------- +Fri Oct 17 22:23:19 CEST 2003 - kukuk@suse.de + +- Remove unused des from neededforbuild + +------------------------------------------------------------------- +Tue Sep 16 13:13:09 CEST 2003 - kukuk@suse.de + +- Add missing Provides [Bug #31005] + +------------------------------------------------------------------- +Mon Sep 1 13:26:43 CEST 2003 - choeger@suse.de + +- removed "-u root" from startproc as it always failes +- removed link to doc/components.html from doc/index.html as + components.html does not exist (Bugzilla ID#29253) + +------------------------------------------------------------------- +Thu Aug 14 18:48:47 CEST 2003 - choeger@suse.de + +- Bugfix Bugzilla ID#28932: + missing activation metadata in sysconfig template + +------------------------------------------------------------------- +Wed Jul 30 13:27:05 CEST 2003 - choeger@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Tue Jul 15 18:52:11 CEST 2003 - choeger@suse.de + +- update to version 2.1.15 + +------------------------------------------------------------------- +Mon Jun 30 18:04:22 CEST 2003 - choeger@suse.de + +- update to version 2.1.14 + +------------------------------------------------------------------- +Wed Jun 18 12:03:48 CEST 2003 - ro@suse.de + +- use kerberos-devel-packages in neededforbuild + +------------------------------------------------------------------- +Fri Jun 13 10:25:14 CEST 2003 - kukuk@suse.de + +- Add missing directory to filelist + +------------------------------------------------------------------- +Fri May 9 09:54:05 CEST 2003 - choeger@suse.de + +- use -ldb instead of -ldb-x.y to manually link the + dbconverter + +------------------------------------------------------------------- +Tue May 6 14:37:14 CEST 2003 - choeger@suse.de + +- update to version 2.1.13 + +------------------------------------------------------------------- +Tue Apr 15 08:50:41 CEST 2003 - ro@suse.de + +- added krb4-lib,krb4-devel to neededforbuild + +------------------------------------------------------------------- +Mon Apr 7 14:56:11 CEST 2003 - choeger@suse.de + +- renamed to cyrus-sasl +- splitted libraries for the following auth methods into seperate + packages: + - crammd5 + - digestmd5 + - otp + - plain + this is to prevent from annoying warnings about missing proper + setup of mechanisms we don't use + +------------------------------------------------------------------- +Thu Mar 6 18:19:30 CET 2003 - choeger@suse.de + +- ever used dbconverter-2? Well it is just a shell script + which uses the damn compiled source tree... :-( + manually building dbconverter to let users convert their + /etc/sasldb from v1 to v2 using /usr/sbin/dbconverter + +------------------------------------------------------------------- +Thu Mar 6 17:34:18 CET 2003 - choeger@suse.de + +- as cyrus-sasl is dropped now: + provide cyrus-sasl-*, obsolete cyrus-sasl-* + (Bugzilla ID# 24762) + +------------------------------------------------------------------- +Tue Feb 4 10:48:37 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.12, bug-fix release. + This release addresses a few minor build and distribution + related issues + +------------------------------------------------------------------- +Mon Feb 3 10:54:48 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.11, bug-fix release. + It addresses a number of issues in the build system, a + memory leak in the doors IPC method for saslauthd, and fixes the NTLM + server side support to only require one of the LM or NT methods. + +------------------------------------------------------------------- +Thu Jan 23 11:03:56 CET 2003 - choeger@suse.de + +- don't use new libtool macros as cyrus-sasl2 seems to not + work when using them. +- added patch to compile shared libraries on ppc + +------------------------------------------------------------------- +Wed Jan 15 09:21:28 CET 2003 - kukuk@suse.de + +- Remove openldap2 from needed for build + +------------------------------------------------------------------- +Tue Jan 14 11:18:35 CET 2003 - choeger@suse.de + +- do not build the static library anymore + +------------------------------------------------------------------- +Wed Dec 11 13:15:29 CET 2002 - choeger@suse.de + +- added sysconfig metadata to sysconfig templates + +------------------------------------------------------------------- +Tue Dec 10 09:46:44 CET 2002 - choeger@suse.de + +- update to version 2.1.10 + This version corrects a number of DIGEST-MD5 + interoperability issues, as well as corrects some potential buffer + overflows. + +------------------------------------------------------------------- +Thu Oct 31 00:23:42 CET 2002 - ro@suse.de + +- make it build again + +------------------------------------------------------------------- +Tue Oct 29 15:13:35 CET 2002 - ro@suse.de + +- remove own libtool macros + +------------------------------------------------------------------- +Thu Oct 24 10:42:11 CEST 2002 - choeger@suse.de + +- update to latest version 2.1.9 + +------------------------------------------------------------------- +Thu Sep 12 14:52:42 CEST 2002 - choeger@suse.de + +- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict + with cyrus-sasl2-devel, because they contain files with the + same name + +------------------------------------------------------------------- +Mon Aug 19 18:48:02 CEST 2002 - rhafer@suse.de + +- enabled building of the static libsasl.a. It is needed for + cyrus-imap to be usable with nss_ldap (which is linked against + cyrus-sasl1) + +------------------------------------------------------------------- +Mon Aug 12 11:04:01 CEST 2002 - choeger@suse.de + +- update to version 2.1.7 + +------------------------------------------------------------------- +Thu Aug 8 10:31:06 CEST 2002 - choeger@suse.de + +- added .la files to the sasl2 plugin directory + ([lt_]dlopen seems to need that) + +------------------------------------------------------------------- +Mon Aug 5 17:07:37 CEST 2002 - choeger@suse.de + +- added Prereq + +------------------------------------------------------------------- +Sat Jul 27 18:09:53 CEST 2002 - adrian@suse.de + +- add %run_ldconfig + +------------------------------------------------------------------- +Wed Jul 17 10:08:45 CEST 2002 - choeger@suse.de + +- update to version 2.1.6 + +------------------------------------------------------------------- +Wed Jun 19 18:25:16 CEST 2002 - choeger@suse.de + +- also install dbconverter-2 to be able to migrate from + cyrus-sasl(1) + +------------------------------------------------------------------- +Tue Jun 18 16:21:06 CEST 2002 - choeger@suse.de + +- /var/run/sasl2 must be 755 to let non root daemons + connect to unix socket + +------------------------------------------------------------------- +Tue Jun 18 16:09:08 CEST 2002 - choeger@suse.de + +- added initscript and sysconfig file for saslauthd +- added docs + +------------------------------------------------------------------- +Tue Jun 18 12:34:35 CEST 2002 - rhafer@suse.de + +- added opie to needforbuild +- should build on ppc64 and s390x now + +------------------------------------------------------------------- +Mon Jun 17 20:37:14 CEST 2002 - rhafer@suse.de + +- additional autoconf related patches, that were missing at first + check in + +------------------------------------------------------------------- +Mon Jun 17 18:12:24 CEST 2002 - rhafer@suse.de + +- Initial checkin of cyrus-sasl-2.1.5 + diff --git a/cyrus-sasl-saslauthd.spec b/cyrus-sasl-saslauthd.spec new file mode 100644 index 0000000..ea73053 --- /dev/null +++ b/cyrus-sasl-saslauthd.spec @@ -0,0 +1,171 @@ +# +# spec file for package cyrus-sasl-saslauthd +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +#Compat macro for new _fillupdir macro introduced in Nov 2017 +%if ! %{defined _fillupdir} + %define _fillupdir /var/adm/fillup-templates +%endif + +Name: cyrus-sasl-saslauthd +Version: 2.1.28 +Release: 0 +Summary: The SASL Authentication Server +License: BSD-4-Clause +Group: Productivity/Networking/Other +URL: https://github.com/cyrusimap/cyrus-sasl +Source: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-%{version}/cyrus-sasl-%{version}.tar.gz +Source1: cyrus-sasl-rc.tar.bz2 +Source2: README.Source +Source3: baselibs.conf +Source4: saslauthd.service +Patch0: cyrus-sasl.dif +Patch5: cyrus-sasl-no_rpath.patch +Patch6: cyrus-sasl-lfs.patch +Patch7: fix_libpq-fe_include.diff +Patch8: 0001-Fix-time.h-check.patch +PreReq: %fillup_prereq +BuildRoot: %{_tmppath}/%{name}-%{version}-build +BuildRequires: gdbm-devel +BuildRequires: krb5-devel +BuildRequires: libtool +BuildRequires: mysql-devel +BuildRequires: openldap2-devel +BuildRequires: pam-devel +BuildRequires: postgresql-devel +BuildRequires: pkgconfig(systemd) +%{?systemd_requires} +Conflicts: cyrus-sasl-saslauthd-bdb + +%description +This daemon is required when using cyrus-sasl in server software that +should authenticate with PAM, for example. + +%package -n cyrus-sasl-ldap-auxprop +Summary: The cyrus-sasl LDAP auxprop plugin +Group: Productivity/Networking/Other +Requires: cyrus-sasl = %{version} +Conflicts: cyrus-sasl-ldap-auxprop-bdb + +%description -n cyrus-sasl-ldap-auxprop +The LDAP auxprop plugin allows for tighter application/directory +integration. + +%package -n cyrus-sasl-sqlauxprop +Summary: SQL auxprop plugin for cyrus-sasl +Group: Development/Libraries/C and C++ +Requires: cyrus-sasl = %{version} +Conflicts: cyrus-sasl-sqlauxprop-bdb + +%description -n cyrus-sasl-sqlauxprop +The SQL auxprop plugin supports PostgreSQL and MySQL + +%prep +%setup -n cyrus-sasl-%{version} -a 1 +%patch -P 0 +%patch -P 5 -p1 +%patch -P 6 -p1 +%patch -P 7 -p1 +%patch -P 8 -p1 + +%build +find . -name "*.cvsignore" -exec rm -fv "{}" "+" +autoreconf -f +export CFLAGS="-fno-strict-aliasing $RPM_OPT_FLAGS -DLDAP_DEPRECATED" +%configure --with-plugindir=%{_libdir}/sasl2 \ + --with-configdir=/etc/sasl2/:%{_libdir}/sasl2 \ + --with-saslauthd=/run/sasl2/ \ + --enable-checkapop=no \ + --enable-cram=no \ + --enable-digest=no \ + --enable-otp=no \ + --enable-srp=no \ + --enable-plain=no \ + --enable-anon=no \ + --enable-ntlm=no \ + --enable-passdss=no \ + --enable-sample=no \ + --enable-login=no \ + --enable-gssapi=yes \ + --enable-gs2=no \ + --enable-scram=no \ + --enable-krb4=no \ + --enable-sql \ + --with-mysql=/usr/include/mysql \ + --with-pgsql=/usr/include/pgsql \ + --enable-ldapdb=yes \ + --with-pam \ + --with-ldap +make sasldir=%{_libdir}/sasl2 %{?_smp_mflags} + +%install +cd plugins +make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install +cd .. +cd saslauthd +make DESTDIR=$RPM_BUILD_ROOT sasldir=%{_libdir}/sasl2 install +ln -s service "%buildroot/%_sbindir/rcsaslauthd" +install -m 755 -d $RPM_BUILD_ROOT/run/sasl2 +mkdir -p $RPM_BUILD_ROOT/%{_mandir}/man8 +install -m 644 saslauthd.mdoc $RPM_BUILD_ROOT/%{_mandir}/man8/saslauthd.8 +mkdir -p $RPM_BUILD_ROOT/usr/bin +install -m 755 testsaslauthd $RPM_BUILD_ROOT/usr/bin/testsaslauthd +cd - +mkdir -p $RPM_BUILD_ROOT/sbin +install -D -m 644 SuSE/sysconfig.saslauthd $RPM_BUILD_ROOT%{_fillupdir}/sysconfig.saslauthd +rm -f $RPM_BUILD_ROOT/%{_mandir}/cat?/* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libsasldb* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libldapdb.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libsql.la +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libgs2.* +rm -f $RPM_BUILD_ROOT/%{_libdir}/sasl2/libgssapiv2.* + +mkdir -p $RPM_BUILD_ROOT/%{_unitdir} +install -m 644 %{SOURCE4} $RPM_BUILD_ROOT/%{_unitdir} + +%pre +%service_add_pre saslauthd.service + +%preun +%service_del_preun saslauthd.service + +%postun +%service_del_postun saslauthd.service + +%post +%{fillup_only -n saslauthd} +%service_add_post saslauthd.service + +%files +%license saslauthd/COPYING +%{_fillupdir}/sysconfig.saslauthd +%{_unitdir}/saslauthd.service +%dir %attr(0755, root, root) %ghost /run/sasl2 +/usr/sbin/* +/usr/bin/* +%doc %{_mandir}/man8/*.gz +%doc saslauthd/ChangeLog saslauthd/LDAP_SASLAUTHD + +%files -n cyrus-sasl-sqlauxprop +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libsql.so* + +%files -n cyrus-sasl-ldap-auxprop +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libldapdb.so* + +%changelog diff --git a/cyrus-sasl.changes b/cyrus-sasl.changes new file mode 100644 index 0000000..4299893 --- /dev/null +++ b/cyrus-sasl.changes @@ -0,0 +1,891 @@ +------------------------------------------------------------------- +Thu Sep 19 06:36:56 UTC 2024 - Angel Yankov + +- Make DIGEST-MD5 work with openssl3 ( bsc#1230111 ) + RC4 is legacy provided since openSSL3 and requires explicit loading, dDisable openssl3 depricated API warnings. + * Add cyrus-sasl-make-digestmd5-work-ssl3.patch + +------------------------------------------------------------------- +Tue May 7 08:26:51 UTC 2024 - Peter Varkoly + +- GCC 14: cyrus-sasl package fails (bsc#1221863) + Apply upstream patch: + 0001-Fix-time.h-check.patch + +------------------------------------------------------------------- +Mon Feb 26 10:50:23 UTC 2024 - Dominique Leuenberger + +- Use %patch -P N instead of deprecated %patchN. + +------------------------------------------------------------------- +Mon Nov 6 09:03:23 UTC 2023 - Dominique Leuenberger + +- Fix build with RPM 4.19: unnumbered patches are no longer + supported. + +------------------------------------------------------------------- +Thu May 4 11:21:19 UTC 2023 - Dominique Leuenberger + +- Add _multibuild to define 2nd spec file as additional flavor. + Eliminates the need for source package links in OBS. + +------------------------------------------------------------------- +Mon Jan 23 20:35:54 UTC 2023 - Dirk Müller + +- drop optional opie dependency + +------------------------------------------------------------------- +Wed Dec 7 11:15:12 UTC 2022 - Dominique Leuenberger + +- Do not set directories inside doc/ mode 644; otherwise the + directories are set 644 as well, which means no files inside are + accessible. This resulted in the past in doc/ actually not being + added to the devel package. + +------------------------------------------------------------------- +Wed Mar 9 08:39:23 UTC 2022 - Dirk Müller + +- update to 2.1.28 (bsc#1196036, CVE-2022-24407): + * https://www.cyrusimap.org/sasl/sasl/release-notes/2.1/index.html#new-in-2-1-28 +- drop cyrus-sasl-bug587.patch (upstream) + +------------------------------------------------------------------- +Mon Jan 31 10:03:15 UTC 2022 - Dirk Müller + +- cyrus-sasl: prevent fail of %pre when berkely db utils are + not installed (seems like we want to use this only for upgrade + so no Prereq added) +- move license to licensedir +- remove use of RPM_BUILD_ROOT +- minimal spec cleanups +- avoid bashisms + +------------------------------------------------------------------- +Thu Jan 13 14:58:15 UTC 2022 - Peter Varkoly + +- postfix: sasl authentication with password fails (bsc#1194265) + Add config parameter --with-dblib=gdbm +- Avoid converting of /etc/sasldb2 by every update. Convert + /etc/sasldb2 only if it is a Berkeley DB + +------------------------------------------------------------------- +Thu Feb 25 18:03:26 UTC 2021 - Peter Varkoly + +- Fix build: Do not build libsasl2-3 in the bdb package. This will + not be linked to berkely db. libsasl2-3 is now defined as + %BuildRequires and %Requires + +------------------------------------------------------------------- +Fri Jan 8 11:32:42 UTC 2021 - Peter Varkoly + +- CVE-2020-8032: cyrus-sasl: Local privilege escalation to root + due to insecure tmp file usage. (bsc#1180669) + Use /var/adm/update-scripts/ instead of /tmp. Clean up temporary + files. + +------------------------------------------------------------------- +Tue Dec 8 13:33:33 UTC 2020 - Peter Varkoly + +- Remove Berkeley DB dependency (JIRA#SLE-12190) + The packages cyrus-sasl and cyrus-sasl-saslauthd are built + without Berkely DB support. gdbm will be used instead of BDB. + The packages cyrus-sasl-bdb and cyrus-sasl-saslauthd-bdb are built + with Berkely DB support. +- Update to 2.1.27 + * Added support for OpenSSL 1.1 + * Added support for lmdb + * Lots of build fixes + * Treat SCRAM and DIGEST-MD5 as more secure than PLAIN when selecting client mech + * DIGEST-MD5 plugin: + Fixed memory leaks + Fixed a segfault when looking for non-existent reauth cache + Prevent client from going from step 3 back to step 2 + Allow cmusaslsecretDIGEST-MD5 property to be disabled + * GSSAPI plugin: + Added support for retrieving negotiated SSF + Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF + Properly compute maxbufsize AFTER security layers have been set + * SCRAM plugin: + Added support for SCRAM-SHA-256 + * LOGIN plugin: + Don’t prompt client for password until requested by server + * NTLM plugin: + Fixed crash due to uninitialized HMAC context +- Replace references to /var/adm/fillup-templates with new + %_fillupdir macro (boo#1069468) +- bsc#983938 `After=syslog.target` left-overs in several unit files +- added patches: + fix_libpq-fe_include.diff for fixing including libpq-fe.h + +- removed patches obsoleted by upstream changes: + * shared_link_on_ppc.patch + * cyrus-sasl-2.1.27-openssl-1.1.0.patch + * 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * 0003-Check-return-error-from-gss_wrap_size_limit.patch + * 0004-Add-support-for-retrieving-the-mech_ssf.patch + * 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + * cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Thu Feb 6 17:50:21 UTC 2020 - Samuel Cabrero + +- Added support for retrieving negotiated SSF in gssapi plugin (bsc#1162518) + * Add 0002-Drop-unused-parameter-from-gssapi_spnego_ssf.patch + * Add 0003-Check-return-error-from-gss_wrap_size_limit.patch + * Add 0004-Add-support-for-retrieving-the-mech_ssf.patch +- Fixed GSS-SPNEGO to use flags negotiated by GSSAPI for SSF (bsc#1162518) + * Add 0001-Fix-GSS-SPNEGO-mechanism-s-incompatible-behavior.patch + +------------------------------------------------------------------- +Thu Nov 28 20:07:43 UTC 2019 - Michael Ströder + +- added backport-patch cyrus-sasl-bug587.patch which fixes + off-by-one error in _sasl_add_string function + (see CVE-2019-19906 bsc#1159635) + +------------------------------------------------------------------- +Mon Feb 4 15:13:25 UTC 2019 - Peter Varkoly + +- bnc#1044840 syslog is polluted with messages "GSSAPI client step 1" + By server context the connection will be sent to the log function. + Client content does not have log level information. I.e. there is no + way to stop DEBUG level logs nece I've removed it. + * add cyrus-sasl-fix-logging-in-gssapi.patch + +------------------------------------------------------------------- +Mon Sep 4 10:01:17 UTC 2017 - vcizek@suse.com + +- OpenSSL 1.1 support (bsc#1055463) + * add cyrus-sasl-2.1.27-openssl-1.1.0.patch from Fedora + +------------------------------------------------------------------- +Wed Mar 22 09:56:37 UTC 2017 - michael@stroeder.com + +- added cyrus-sasl-issue-402.patch to fix + SASL GSSAPI mechanism acceptor wrongly returns zero maxbufsize #402 + (see https://github.com/cyrusimap/cyrus-sasl/issues/402) + +------------------------------------------------------------------- +Tue Mar 7 11:31:23 UTC 2017 - varkoly@suse.com + +- bnc#1026825 saslauthd: :set_auth_mech : unknown authentication mechanism: kerberos5 + +------------------------------------------------------------------- +Wed Dec 9 20:15:40 UTC 2015 - bwiedemann@suse.com + +- really use SASLAUTHD_PARAMS variable (bnc#938657) + +------------------------------------------------------------------- +Tue Jan 6 19:02:33 UTC 2015 - varkoly@suse.com + +- bnc#908883 cyrus-sasl-scram refers to wrong RFC + +------------------------------------------------------------------- +Thu Nov 27 09:08:36 UTC 2014 - jengelh@inai.de + +- Make sure /usr/sbin/rcsaslauthd exists + +------------------------------------------------------------------- +Tue Sep 23 13:57:46 UTC 2014 - varkoly@suse.com + +- bnc#897837 saslauthd package has no config + +------------------------------------------------------------------- +Tue Jul 29 23:31:35 UTC 2014 - sfalken@opensuse.org + +- Changed --with-saslauthd=/var/run/sasl2 in %build to /run/sasl2 to clear rpmlint check failure + +------------------------------------------------------------------- +Sat Jul 19 12:54:50 UTC 2014 - p.drouand@gmail.com + +- Remove insserv dependency; it's unneeded with systemd' systems +- Remove insserv and fillup dependency in cyrus-sasl package; there + is neither sysconfig or init file + +------------------------------------------------------------------- +Fri Jun 13 11:03:45 UTC 2014 - ckornacker@suse.com + +- Revert upstream commit 080e51c7fa0421eb2f0210d34cf0ac48a228b1e9 + cyrus-sasl-revert_gssapi_flags.patch (bnc#775279) + +------------------------------------------------------------------- +Tue Apr 1 10:32:37 UTC 2014 - varkoly@suse.com + +- bnc#871183 - cyrus-sasl-saslauthd service file is missing parameter 'Restart=always' + +------------------------------------------------------------------- +Sat Nov 2 20:47:58 UTC 2013 - jengelh@inai.de + +- Implement shlib packaging guidelines: make subpackage libsasl2-3. + (All other .so files are _server_ plugins AFAICS, loaded via + dlopen.) +- Ensure directories are owned by packages and thus get torn down + on package removal + +------------------------------------------------------------------- +Sat Oct 5 19:10:55 UTC 2013 - tchvatal@suse.com + +- Put back the .so files to sasl auth packages from devel file. + The .so files are read by some application instead of full path + so in order for auth to work this files must be available + +------------------------------------------------------------------- +Sun Sep 29 08:11:05 UTC 2013 - tittiatcoke@gmail.com + +- Add patch fix-sasl-header.diff to resolve build issues that + are failing due to typedef 'sasl_malloc_t' is initialized. + (see gentoo#458870, fedora#906519) + +------------------------------------------------------------------- +Wed Sep 11 07:16:23 UTC 2013 - jcnengel@gmail.com + +- Removed server side service to comply with Factory rules + +------------------------------------------------------------------- +Tue Sep 3 22:07:15 UTC 2013 - jcnengel@gmail.com + +- Update to 2.1.26 + * Modernize SASL malloc/realloc callback prototypes + * Added sasl_config_done() to plug a memory leak when using an application specific config file + * Fixed PLAIN/LOGIN authentication failure when using saslauthd with no auxprop plugins (bug # 3590). + * unlock the mutex in sasl_dispose if the context was freed by another thread + * MINGW32 compatibility patches + * Fixed broken logic in get_fqhostname() when abort_if_no_fqdn is 0 + * Fixed some memory leaks in libsasl + - GSSAPI plugin: + + Fixed a segfault in gssapi.c introduced in 2.1.25. + + Code refactoring + + Added support for GSS-SPNEGO SASL mechanism (Unix only), which is also HTTP capable + - GS2 plugin: + + Updated GS2 plugin not to lose minor GSS-API status codes on errors + - DIGEST-MD5 plugin: + + Correctly send "stale" directive to prevent clients from (re)promtping for password + + Better handling of HTTP reauthentication cases + + fixed some memory leaks + - SASLDB plugin: + + Added support for BerkleyDB 5.X or later + - OTP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - SRP plugin: + + Removed calling of EVP_cleanup() on plugin shutdown in order to prevent TLS from failing in calling applications + - saslauthd: + + auth_rimap.c: qstring incorrectly appending the closing double quote, which might be causing crashes + + auth_rimap.c: read the whole IMAP greeting + + better error reporting from some drivers + + fixed some memory leaks +- New BuildRequires for pkgconfig since pkgconfig file is generated +- Removed patches that do no longer apply + * cyrus-sasl-gcc4.patch (integrated upstream) + * cyrus-sasl-gs2-not-overwrite-minor-error-code.dif (integrated upstream) + * gssapi-null-deref.dif (integrated upstream) + * Fix-abort_if_no_fqdn-behavior.patch (integrated upstream) + * cyrus-sasl-db6.diff (integrated upstream) +- Move *.so files into devel package + +------------------------------------------------------------------- +Fri Jul 26 13:09:51 UTC 2013 - obs@botter.cc + +- Fix for bnc#827230 and #784705, fix patch as described in + #827230, typo in patch from request 112480 (remove rpath, + Apr 4 2012), preventing sql auxprop plugin to work + +------------------------------------------------------------------- +Fri Jun 14 00:41:55 UTC 2013 - jengelh@inai.de + +- Add cyrus-sasl-db6.diff to fix compile abort with db >= 5 +- Simpler delete of .la files with find + +------------------------------------------------------------------- +Mon Aug 13 07:55:11 UTC 2012 - rhafer@suse.de + +- Include fix for Cyrus SASL Bug#3589: When abort_if_no_fqdn is 0, + a getaddrinfo failure should be ignored, as long as gethostname() + succeeded. (bnc#771983) + +------------------------------------------------------------------- +Wed May 9 21:47:48 UTC 2012 - crrodriguez@opensuse.org + +- Ensure libraries and tools are built with LFS and include + config.h in all C files. + +------------------------------------------------------------------- +Wed Apr 4 14:13:36 UTC 2012 - dvaleev@suse.com + +- remove rpath + +------------------------------------------------------------------- +Wed Jan 18 13:06:00 UTC 2012 - aj@suse.de + +- Move some doc files to devel package and to cyrus-sasl-saslauthd. + +------------------------------------------------------------------- +Fri Nov 25 10:05:58 UTC 2011 - rhafer@suse.de + +- Removed debug printfs from cyrus-sasl.dif, added by accident +- Updated cyrus-sasl-gs2-not-overwrite-minor-error-code.dif with + latest upstream improvements + +------------------------------------------------------------------- +Wed Nov 16 09:22:32 UTC 2011 - rhafer@suse.de + +- Update to 2.1.25: + * Added support for channel bindings + * Added support for ordering SASL mechanisms by strength (on + the client side), or using the "client_mech_list" option. + * Allow DIGEST-MD5 plugin to be used for client-side and + server-side HTTP Digest, including running over non-persistent + connections (RFC 2617) + * New SASL plugins: SCRAM and GS2 + * Fixed a crash caused by aborted SASL authentication + and initiation of another one using the same SASL context. + * Various improvements to DIGEST-MD5 to improve interoperability + with some slightly broken clients +- cleanup + * removed old dependencies still related to cyrus-sasl2 + * plugins now depend on the exact cyrus-sasl version + * use autoreconf instead of calling all tools manually + +------------------------------------------------------------------- +Fri Sep 30 20:07:52 UTC 2011 - coolo@suse.com + +- add libtool as buildrequire to make the spec file more reliable + +------------------------------------------------------------------- +Sun Sep 18 00:16:04 UTC 2011 - jengelh@medozas.de + +- Remove redundant tags/sections from specfile + +------------------------------------------------------------------- +Mon Jun 28 06:38:35 UTC 2010 - jengelh@medozas.de + +- use %_smp_mflags + +------------------------------------------------------------------- +Mon Jun 7 06:15:02 UTC 2010 - coolo@novell.com + +- add dependency to avoid broken parallel make + +------------------------------------------------------------------- +Mon May 10 12:53:14 UTC 2010 - rhafer@novell.com + +- Fixed attributes of /var/run/sasl2 in filelist + +------------------------------------------------------------------- +Wed Apr 28 09:24:11 UTC 2010 - rhafer@novell.com + +- Removed the /var/run/sasl2 directory from cyrus-sasl.spec. + It will now be created on demand by the saslauthd init script. +- Adjusted init script headers to silence rpmlint warning/errors. + +------------------------------------------------------------------- +Mon Dec 14 17:15:20 CET 2009 - jengelh@medozas.de + +- add baselibs.conf as a source + +------------------------------------------------------------------- +Mon Nov 23 10:57:47 UTC 2009 - rhafer@novell.com + +- Fixed linker arguments for ldap- and sql-auxprop plugins + (bnc#555568) + +------------------------------------------------------------------- +Mon Jul 20 16:20:35 CEST 2009 - coolo@novell.com + +- build against krb5-mini to avoid build cycle + +------------------------------------------------------------------- +Fri May 15 14:23:03 CEST 2009 - rhafer@novell.com + +- Update to 2.1.23, the only change is a fix for a potential buffer + overflow in sasl_encode64() (bnc#499104, CVE-2009-0688) +- Imported some automake/libtool fixes from upstream cvs + +------------------------------------------------------------------- +Mon Mar 2 21:28:09 CET 2009 - crrodriguez@suse.de + +- fix build with GCC 4.4 +- remove all "la" files + +------------------------------------------------------------------- +Wed Dec 10 12:34:56 CET 2008 - olh@suse.de + +- use Obsoletes: -XXbit only for ppc64 to help solver during distupgrade + (bnc#437293) + +------------------------------------------------------------------- +Thu Oct 30 12:34:56 CET 2008 - olh@suse.de + +- obsolete old -XXbit packages (bnc#437293) + +------------------------------------------------------------------- +Mon Aug 18 10:32:31 CEST 2008 - rhafer@suse.de + +- Fixed init-scripts Required-Stop Tags + +------------------------------------------------------------------- +Tue Jul 29 15:15:25 CEST 2008 - rhafer@suse.de + +- Enhance sysconfig file and init script to allow to pass arbitrary + parameters to saslauthd (bnc#397808) +- Fixed description of the SASLAUTHD_THREADS sysconfig option. + +------------------------------------------------------------------- +Thu Apr 10 12:54:45 CEST 2008 - ro@suse.de + +- added baselibs.conf file to build xxbit packages + for multilib support + +------------------------------------------------------------------- +Fri Mar 28 09:45:45 CET 2008 - rhafer@suse.de + +- Moved "Version:" up to the top to make versioned + Obsoletes/Requires work correctly. + +------------------------------------------------------------------- +Wed Mar 26 16:06:15 CET 2008 - rhafer@suse.de + +- Enabled NTLM authentication plugin (bnc#343665), created new + subpackage cyrus-sasl-ntlm +- Replaced %run_ldconfig macro as suggested by rpmlint +- Replaced unversioned Obsoltes/Provides with versioned ones +- Removed unneeded Split-Provides + +------------------------------------------------------------------- +Fri Oct 26 16:40:22 CEST 2007 - rhafer@suse.de + +- Fixed some RPMLINT complaints +- re-enabled accidently disabled "kerberos5" authmech for saslauthd + (Bug #335754) + +------------------------------------------------------------------- +Tue Mar 20 10:13:29 CET 2007 - rhafer@suse.de + +- Add SASLAUTHD_THREADS to /etc/sysconfig/saslauthd to be able to + set the number of threads that saslauthd should spawn + (Bug #199114) + +------------------------------------------------------------------- +Fri Oct 27 13:20:59 CEST 2006 - rhafer@suse.de + +- Use /etc/sasl2/ as directory for config files of services + %{_libdir} can still be used for backwards compatibilty + (Bug #206414) + +------------------------------------------------------------------- +Mon Sep 25 16:21:55 CEST 2006 - rhafer@suse.de + +- Remove unneeded automake/autoheader calls + +------------------------------------------------------------------- +Mon Sep 11 12:56:51 CEST 2006 - rhafer@suse.de + +- Build -sqlauxprop from cyrus-sasl-saslauthd.spec to reduce + BuildRequires of cyrus-sasl.spec +- Removed unneeded openldap2 from BuildRequires of + cyrus-sasl-saslauthd + +------------------------------------------------------------------- +Tue Aug 29 12:47:43 CEST 2006 - rhafer@suse.de + +- Enabled the ldapdb auxprop plugin and created new subpackage + cyrus-sasl-ldap-auxprop for it (Bug #201478) + +------------------------------------------------------------------- +Fri Aug 25 14:47:35 CEST 2006 - rhafer@suse.de + +- remove saslauthd man-page from cyrus-sasl package to solve + confict with -saslauthd subpackage (Bug #200490) + +------------------------------------------------------------------- +Fri Jun 2 11:33:04 CEST 2006 - rhafer@suse.de + +- updated to 2.1.22 + * new pluginviewer utility for reporting information about client + and server side authentication plugins and auxprop plugins + (e.g. supported features, methods, etc.). + * Added support for HTTP POST password validation in saslauthd +- rename SuSE.tar.gz to cyrus-sasl-rc.tar.gz to avoid name + collision with other packages in src.rpm (Bug #98188) +- include "crypt.h" in auth_shadow.c to avoid possible crash in + saslauthd (Bug #179621) + +------------------------------------------------------------------- +Mon Apr 3 15:10:49 CEST 2006 - rhafer@suse.de + +- remove dlcompat-20010505 from tarball because of legal risk and + documented this in README.Source (Bug: #161390) +- added check for dlcompat-20010505 to the spec file + +------------------------------------------------------------------- +Wed Jan 25 21:30:05 CET 2006 - mls@suse.de + +- converted neededforbuild to BuildRequires + +------------------------------------------------------------------- +Wed Nov 23 13:48:56 CET 2005 - choeger@suse.de + +- Bugfix ID#134491, cyrus-sasl-sqlauxprop is not linked against any database + +------------------------------------------------------------------- +Mon Sep 26 01:46:48 CEST 2005 - ro@suse.de + +- added LDAP_DEPRECATED to CFLAGS + +------------------------------------------------------------------- +Wed Jul 13 17:07:50 CEST 2005 - choeger@suse.de + +- use /dev/urandom instead of /dev/random, see + http://acs-wiki.andrew.cmu.edu/twiki/bin/view/Cyrus/POP3DevRandomIssue + for an explanation +- removed the useless .la files from rpm + +------------------------------------------------------------------- +Tue May 17 18:42:14 CEST 2005 - choeger@suse.de + +- update to version 2.1.21 + +------------------------------------------------------------------- +Mon Mar 14 19:46:51 CET 2005 - choeger@suse.de + +- now also build the sql auxprop plugin; created new subpackage + cyrus-sasl-sqlauxprop + +------------------------------------------------------------------- +Fri Feb 25 17:24:12 CET 2005 - uli@suse.de + +- better GCC4 fix + +------------------------------------------------------------------- +Fri Feb 25 14:40:12 CET 2005 - uli@suse.de + +- fixed to build with GCC4 + +------------------------------------------------------------------- +Tue Nov 2 20:47:23 CET 2004 - mmj@suse.de + +- Get rid of .cvsignore files +- Don't remove buildroot before install + +------------------------------------------------------------------- +Mon Oct 25 11:47:36 CEST 2004 - choeger@suse.de + +- update to version 2.1.20 + +------------------------------------------------------------------- +Wed Oct 6 15:00:16 CEST 2004 - choeger@suse.de + +- Bugfix ID#46847 - VUL-0: SASL environment variable local root + +------------------------------------------------------------------- +Mon Sep 20 15:54:37 CEST 2004 - choeger@suse.de + +- package binaries of sample-client and -server instead of + shell wrappers (which do not work) + +------------------------------------------------------------------- +Fri Sep 17 11:20:28 CEST 2004 - choeger@suse.de + +- removed saslauthd from cyrus-sasl requires, as it is only + needed on a "server" side and also not in every case (buildin + mechanisms as CRAM- or DIGEST-MD5 do not need it) +- added split-provides for saslauthd + +------------------------------------------------------------------- +Mon Sep 6 13:37:56 CEST 2004 - choeger@suse.de + +- added testsaslauthd to filelist +- removed saslauthd and insserv makros from cyrus-sasl.spec + +------------------------------------------------------------------- +Fri Sep 3 13:14:02 CEST 2004 - choeger@suse.de + +- splitted up cyrus-sasl-saslauthd.spec, to resolve the cyclic + dependency openldap2 <-> cyrus-sasl with saslauthd having + LDAP support + +------------------------------------------------------------------- +Tue Aug 31 11:55:28 CEST 2004 - choeger@suse.de + +- removed update messages and implemented "split-provides" + instead + +------------------------------------------------------------------- +Tue Aug 31 10:12:22 CEST 2004 - choeger@suse.de + +- added LDAP support for saslauthd, Bugzilla ID#44051 + +------------------------------------------------------------------- +Mon Aug 30 13:54:01 CEST 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#44346 - still using /var/adm/notify + now using new update messages mechanism +- added sample/client sample/server to file list + +------------------------------------------------------------------- +Thu Jul 15 13:50:15 CEST 2004 - choeger@suse.de + +- update to version 2.1.19 + +------------------------------------------------------------------- +Tue Jun 15 11:30:48 CEST 2004 - choeger@suse.de + +- bugfix id#39245 - cyrus-sasl includes straycat man page + +------------------------------------------------------------------- +Fri Mar 12 17:57:06 CET 2004 - choeger@suse.de + +- update to version 2.1.18 (Bugfix Release) + +------------------------------------------------------------------- +Tue Jan 27 15:39:57 CET 2004 - choeger@suse.de + +- Bugfix ID#34159 - cyrus-sasl: world-writeable rpath + +------------------------------------------------------------------- +Thu Jan 22 12:28:34 CET 2004 - choeger@suse.de + +- Bugfix Bugzilla ID#34019, notice users about the fact, that + cyrus-sasl has been splitted into subpackages + +------------------------------------------------------------------- +Fri Jan 16 13:08:08 CET 2004 - kukuk@suse.de + +- Add pam-devel to neededforbuild + +------------------------------------------------------------------- +Tue Dec 2 10:11:37 CET 2003 - choeger@suse.de + +- update to version 2.1.17 + +------------------------------------------------------------------- +Fri Oct 31 16:59:33 CET 2003 - choeger@suse.de + +- Don't build as root + +------------------------------------------------------------------- +Fri Oct 17 22:23:19 CEST 2003 - kukuk@suse.de + +- Remove unused des from neededforbuild + +------------------------------------------------------------------- +Tue Sep 16 13:13:09 CEST 2003 - kukuk@suse.de + +- Add missing Provides [Bug #31005] + +------------------------------------------------------------------- +Mon Sep 1 13:26:43 CEST 2003 - choeger@suse.de + +- removed "-u root" from startproc as it always failes +- removed link to doc/components.html from doc/index.html as + components.html does not exist (Bugzilla ID#29253) + +------------------------------------------------------------------- +Thu Aug 14 18:48:47 CEST 2003 - choeger@suse.de + +- Bugfix Bugzilla ID#28932: + missing activation metadata in sysconfig template + +------------------------------------------------------------------- +Wed Jul 30 13:27:05 CEST 2003 - choeger@suse.de + +- new macros for stop/restart of services on rpm update/removal + +------------------------------------------------------------------- +Tue Jul 15 18:52:11 CEST 2003 - choeger@suse.de + +- update to version 2.1.15 + +------------------------------------------------------------------- +Mon Jun 30 18:04:22 CEST 2003 - choeger@suse.de + +- update to version 2.1.14 + +------------------------------------------------------------------- +Wed Jun 18 12:03:48 CEST 2003 - ro@suse.de + +- use kerberos-devel-packages in neededforbuild + +------------------------------------------------------------------- +Fri Jun 13 10:25:14 CEST 2003 - kukuk@suse.de + +- Add missing directory to filelist + +------------------------------------------------------------------- +Fri May 9 09:54:05 CEST 2003 - choeger@suse.de + +- use -ldb instead of -ldb-x.y to manually link the + dbconverter + +------------------------------------------------------------------- +Tue May 6 14:37:14 CEST 2003 - choeger@suse.de + +- update to version 2.1.13 + +------------------------------------------------------------------- +Tue Apr 15 08:50:41 CEST 2003 - ro@suse.de + +- added krb4-lib,krb4-devel to neededforbuild + +------------------------------------------------------------------- +Mon Apr 7 14:56:11 CEST 2003 - choeger@suse.de + +- renamed to cyrus-sasl +- splitted libraries for the following auth methods into seperate + packages: + - crammd5 + - digestmd5 + - otp + - plain + this is to prevent from annoying warnings about missing proper + setup of mechanisms we don't use + +------------------------------------------------------------------- +Thu Mar 6 18:19:30 CET 2003 - choeger@suse.de + +- ever used dbconverter-2? Well it is just a shell script + which uses the damn compiled source tree... :-( + manually building dbconverter to let users convert their + /etc/sasldb from v1 to v2 using /usr/sbin/dbconverter + +------------------------------------------------------------------- +Thu Mar 6 17:34:18 CET 2003 - choeger@suse.de + +- as cyrus-sasl is dropped now: + provide cyrus-sasl-*, obsolete cyrus-sasl-* + (Bugzilla ID# 24762) + +------------------------------------------------------------------- +Tue Feb 4 10:48:37 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.12, bug-fix release. + This release addresses a few minor build and distribution + related issues + +------------------------------------------------------------------- +Mon Feb 3 10:54:48 CET 2003 - choeger@suse.de + +- update to cyrus-sasl-2.1.11, bug-fix release. + It addresses a number of issues in the build system, a + memory leak in the doors IPC method for saslauthd, and fixes the NTLM + server side support to only require one of the LM or NT methods. + +------------------------------------------------------------------- +Thu Jan 23 11:03:56 CET 2003 - choeger@suse.de + +- don't use new libtool macros as cyrus-sasl2 seems to not + work when using them. +- added patch to compile shared libraries on ppc + +------------------------------------------------------------------- +Wed Jan 15 09:21:28 CET 2003 - kukuk@suse.de + +- Remove openldap2 from needed for build + +------------------------------------------------------------------- +Tue Jan 14 11:18:35 CET 2003 - choeger@suse.de + +- do not build the static library anymore + +------------------------------------------------------------------- +Wed Dec 11 13:15:29 CET 2002 - choeger@suse.de + +- added sysconfig metadata to sysconfig templates + +------------------------------------------------------------------- +Tue Dec 10 09:46:44 CET 2002 - choeger@suse.de + +- update to version 2.1.10 + This version corrects a number of DIGEST-MD5 + interoperability issues, as well as corrects some potential buffer + overflows. + +------------------------------------------------------------------- +Thu Oct 31 00:23:42 CET 2002 - ro@suse.de + +- make it build again + +------------------------------------------------------------------- +Tue Oct 29 15:13:35 CET 2002 - ro@suse.de + +- remove own libtool macros + +------------------------------------------------------------------- +Thu Oct 24 10:42:11 CEST 2002 - choeger@suse.de + +- update to latest version 2.1.9 + +------------------------------------------------------------------- +Thu Sep 12 14:52:42 CEST 2002 - choeger@suse.de + +- Bugfix Bugzilla ID#19383: cyrus-sasl-devel should conflict + with cyrus-sasl2-devel, because they contain files with the + same name + +------------------------------------------------------------------- +Mon Aug 19 18:48:02 CEST 2002 - rhafer@suse.de + +- enabled building of the static libsasl.a. It is needed for + cyrus-imap to be usable with nss_ldap (which is linked against + cyrus-sasl1) + +------------------------------------------------------------------- +Mon Aug 12 11:04:01 CEST 2002 - choeger@suse.de + +- update to version 2.1.7 + +------------------------------------------------------------------- +Thu Aug 8 10:31:06 CEST 2002 - choeger@suse.de + +- added .la files to the sasl2 plugin directory + ([lt_]dlopen seems to need that) + +------------------------------------------------------------------- +Mon Aug 5 17:07:37 CEST 2002 - choeger@suse.de + +- added Prereq + +------------------------------------------------------------------- +Sat Jul 27 18:09:53 CEST 2002 - adrian@suse.de + +- add %run_ldconfig + +------------------------------------------------------------------- +Wed Jul 17 10:08:45 CEST 2002 - choeger@suse.de + +- update to version 2.1.6 + +------------------------------------------------------------------- +Wed Jun 19 18:25:16 CEST 2002 - choeger@suse.de + +- also install dbconverter-2 to be able to migrate from + cyrus-sasl(1) + +------------------------------------------------------------------- +Tue Jun 18 16:21:06 CEST 2002 - choeger@suse.de + +- /var/run/sasl2 must be 755 to let non root daemons + connect to unix socket + +------------------------------------------------------------------- +Tue Jun 18 16:09:08 CEST 2002 - choeger@suse.de + +- added initscript and sysconfig file for saslauthd +- added docs + +------------------------------------------------------------------- +Tue Jun 18 12:34:35 CEST 2002 - rhafer@suse.de + +- added opie to needforbuild +- should build on ppc64 and s390x now + +------------------------------------------------------------------- +Mon Jun 17 20:37:14 CEST 2002 - rhafer@suse.de + +- additional autoconf related patches, that were missing at first + check in + +------------------------------------------------------------------- +Mon Jun 17 18:12:24 CEST 2002 - rhafer@suse.de + +- Initial checkin of cyrus-sasl-2.1.5 + diff --git a/cyrus-sasl.dif b/cyrus-sasl.dif new file mode 100644 index 0000000..17f7217 --- /dev/null +++ b/cyrus-sasl.dif @@ -0,0 +1,49 @@ +Index: m4/cyrus.m4 +=================================================================== +--- m4/cyrus.m4.orig ++++ m4/cyrus.m4 +@@ -36,7 +36,7 @@ AC_DEFUN([CMU_GUESS_RUNPATH_SWITCH], [ + SAVE_LDFLAGS="${LDFLAGS}" + LDFLAGS="-R /usr/lib" + AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-R"], [ +- LDFLAGS="-Wl,-rpath,/usr/lib" ++# LDFLAGS="-Wl,-rpath,/usr/lib" + AC_TRY_LINK([],[],[andrew_cv_runpath_switch="-Wl,-rpath,"], + [andrew_cv_runpath_switch="none"]) + ]) +Index: Makefile.am +=================================================================== +--- Makefile.am.orig ++++ Makefile.am +@@ -44,6 +44,7 @@ ACLOCAL_AMFLAGS = -I m4 + # + ################################################################ + ++ACLOCAL_AMFLAGS=-I config -I cmulocal + if SASLAUTHD + SAD = saslauthd + else +Index: sasldb/Makefile.am +=================================================================== +--- sasldb/Makefile.am.orig ++++ sasldb/Makefile.am +@@ -57,3 +57,9 @@ EXTRA_libsasldb_la_SOURCES = $(extra_com + libsasldb_la_DEPENDENCIES = $(SASL_DB_BACKEND) + libsasldb_la_LIBADD = $(SASL_DB_BACKEND) $(SASL_DB_LIB) + libsasldb_la_LDFLAGS = -no-undefined ++ ++# avoid these two files created at the same time, they use both the same ++# dep file ++db_berkeley.lo: db_berkeley.o ++allockey.lo: allockey.o ++ +Index: saslauthd/Makefile.am +=================================================================== +--- saslauthd/Makefile.am.orig ++++ saslauthd/Makefile.am +@@ -1,4 +1,5 @@ + AUTOMAKE_OPTIONS = 1.7 ++ACLOCAL_AMFLAGS=-I ../config -I ../cmulocal + sbin_PROGRAMS = saslauthd testsaslauthd + EXTRA_PROGRAMS = saslcache + diff --git a/cyrus-sasl.spec b/cyrus-sasl.spec new file mode 100644 index 0000000..bea8248 --- /dev/null +++ b/cyrus-sasl.spec @@ -0,0 +1,306 @@ +# +# spec file for package cyrus-sasl +# +# Copyright (c) 2024 SUSE LLC +# +# All modifications and additions to the file contributed by third parties +# remain the property of their copyright owners, unless otherwise agreed +# upon. The license for this file, and modifications and additions to the +# file, is the same license as for the pristine package itself (unless the +# license for the pristine package is not an Open Source License, in which +# case the license is the MIT License). An "Open Source License" is a +# license that conforms to the Open Source Definition (Version 1.9) +# published by the Open Source Initiative. + +# Please submit bugfixes or comments via https://bugs.opensuse.org/ +# + + +%define lname libsasl2-3 +Name: cyrus-sasl +Version: 2.1.28 +Release: 0 +Summary: Implementation of Cyrus SASL API +License: BSD-4-Clause +Group: Productivity/Networking/Other +URL: https://github.com/cyrusimap/cyrus-sasl/ +Source: https://github.com/cyrusimap/cyrus-sasl/releases/download/cyrus-sasl-%{version}/cyrus-sasl-%{version}.tar.gz +Source1: cyrus-sasl-rc.tar.bz2 +Source2: README.Source +Source3: baselibs.conf +Patch0: cyrus-sasl.dif +Patch5: cyrus-sasl-no_rpath.patch +Patch6: cyrus-sasl-lfs.patch +Patch7: fix_libpq-fe_include.diff +Patch8: 0001-Fix-time.h-check.patch +Patch9: cyrus-sasl-make-digestmd5-work-ssl3.patch + +BuildRequires: gdbm-devel +BuildRequires: krb5-mini-devel +BuildRequires: libtool +BuildRequires: openssl-devel +BuildRequires: pam-devel +BuildRequires: pkgconfig +Conflicts: cyrus-sasl-bdb +%ifarch ppc64 +# bug437293 +Obsoletes: cyrus-sasl-64bit +%endif + +%description +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%package gssapi +Summary: Plugin for the GSSAPI SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-gssapi + +%description gssapi +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package crammd5 +Summary: Plugin for the CRAMMD5 SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-crammd5 + +%description crammd5 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package digestmd5 +Summary: Plugin for the DIGESTMD5 SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-digestmd5 + +%description digestmd5 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package otp +Summary: Plugin for the OTP SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-otp + +%description otp +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package plain +Summary: Plugin for the PLAIN SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-plain + +%description plain +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package ntlm +Summary: Plugin for the NTLM SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-ntlm + +%description ntlm +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%package gs2 +Summary: Plugin for the GS2 SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-ntlm + +%description gs2 +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%package scram +Summary: Plugin for the SCRAM SASL mechanism +Group: Productivity/Networking/Other +Requires: %{name} = %{version} +Conflicts: cyrus-sasl-bdb-scram + +%description scram +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 5802 for more +information. + +%package devel +Summary: Cyrus SASL API Implementation, Libraries and Header Files +Group: Development/Libraries/C and C++ +Requires: %lname = %version +Requires: glibc-devel +Conflicts: cyrus-sasl-devel-bdb +# bug437293 +%ifarch ppc64 +Obsoletes: cyrus-sasl-devel-64bit +%endif + +%description devel +This is the Cyrus SASL API. It can be used on the client or server side +to provide authentication. See RFC 2222 for more information. + +%package -n libsasl2-3 +Summary: Simple Authentication and Security Layer (SASL) library +Group: System/Libraries + +%description -n libsasl2-3 +Simple Authentication and Security Layer (SASL) is a framework for +authentication and data security in Internet protocols. + +This is the Cyrus SASL API implementation. It can be used on the client +or server side to provide authentication. See RFC 2222 for more +information. + +%prep +%setup -q -n cyrus-sasl-%{version} -a 1 +if [ -e %{_builddir}/%{name}-%{version}/dlcompat-*/ ] +then + echo "dlcompat contains potential legal risks." + rm -rf %{_builddir}/%{name}-%{version}/dlcompat-* +fi +%patch -P 0 +%patch -P 5 -p1 +%patch -P 6 -p1 +%patch -P 7 -p1 +%patch -P 8 -p1 +%patch -P 9 -p1 + +%build +find . -name "*.cvsignore" -exec rm -fv "{}" "+" +autoreconf -f +export CFLAGS="%optflags -fno-strict-aliasing" +%configure --with-pic \ + --with-plugindir=%{_libdir}/sasl2 \ + --with-configdir=%{_sysconfdir}/sasl2/:%{_libdir}/sasl2 \ + --with-saslauthd=/run/sasl2/ \ + --with-dblib=gdbm \ + --enable-pam \ + --enable-sample \ + --enable-login \ + --enable-gssapi \ + --enable-ntlm \ + --enable-krb4=no \ + --enable-sql=no \ + --with-devrandom=/dev/urandom +%make_build sasldir=%{_libdir}/sasl2 + +%install +make DESTDIR=%{buildroot} sasldir=%{_libdir}/sasl2 install +mkdir -p %{buildroot}%{_bindir} +mkdir -p %{buildroot}%{_sysconfdir}/sasl2 +install -m 755 sample/.libs/client %{buildroot}%{_bindir}/cyrus_sasl_sample_client +install -m 755 sample/.libs/server %{buildroot}%{_bindir}/cyrus_sasl_sample_server +find doc -type f -exec chmod 0644 {} \; +rm -f doc/Makefile* +rm -f %{buildroot}/%{_mandir}/cat?/* +rm -f %{buildroot}/%{_mandir}/man8/saslauthd* +rm -f %{buildroot}/%{_mandir}/man8/testsaslauthd* +rm -f %{buildroot}%{_sbindir}/saslauthd +rm -f %{buildroot}%{_sbindir}/testsaslauthd +find %{buildroot} -type f -name "*.la" -delete -print + +%pre +#Convert password file from berkely into gdbm +#In %pre the existing file will be dumped out + +if test -x %{_bindir}/db_verify && %{_bindir}/db_verify %{_sysconfdir}/sasldb2 >/dev/null 2>&1 ; then +cat > %{_localstatedir}/adm/update-scripts/saslpw.awk < %{_localstatedir}/adm/update-scripts/saslpwd +rm -f %{_localstatedir}/adm/update-scripts/saslpw.awk +mv %{_sysconfdir}/sasldb2 %{_sysconfdir}/sasldb2-back +fi + +%post +if [ -e %{_localstatedir}/adm/update-scripts/saslpwd ]; then + chmod 755 %{_localstatedir}/adm/update-scripts/saslpwd + %{_localstatedir}/adm/update-scripts/saslpwd + rm -f %{_localstatedir}/adm/update-scripts/saslpwd +fi + +%post -n %lname -p /sbin/ldconfig +%postun -n %lname -p /sbin/ldconfig + +%files -n %lname +%{_libdir}/libsasl2.so.3* + +%files +%license COPYING +%dir %{_libdir}/sasl2 +%{_libdir}/sasl2/libanonymous.so* +%{_libdir}/sasl2/liblogin.so* +%{_libdir}/sasl2/libsasldb.so* +%dir %{_sysconfdir}/sasl2/ +%{_sbindir}/* +%{_bindir}/* +%{_mandir}/man3/sasl.*.gz +%{_mandir}/man8/*.gz + +%files gssapi +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libgssapiv2.so* + +%files crammd5 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libcrammd5.so* + +%files digestmd5 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libdigestmd5.so* + +%files otp +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libotp.so* + +%files plain +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libplain.so* + +%files ntlm +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libntlm.so* + +%files gs2 +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libgs2.so* + +%files scram +%dir %_libdir/sasl2/ +%{_libdir}/sasl2/libscram.so* + +%files devel +%license COPYING +%doc AUTHORS ChangeLog README doc +%_includedir/sasl/ +%{_mandir}/man3/sasl_*.gz +%{_libdir}/libsasl2.so +%{_libdir}/pkgconfig/* + +%changelog diff --git a/fix_libpq-fe_include.diff b/fix_libpq-fe_include.diff new file mode 100644 index 0000000..1d95017 --- /dev/null +++ b/fix_libpq-fe_include.diff @@ -0,0 +1,11 @@ +--- cyrus-sasl-2.1.27.orig/plugins/sql.c 2016-12-10 16:45:55.000000000 +0100 ++++ cyrus-sasl-2.1.27/plugins/sql.c 2018-11-17 14:04:33.821540573 +0100 +@@ -188,7 +188,7 @@ + #endif /* HAVE_MYSQL */ + + #ifdef HAVE_PGSQL +-#include ++#include + + static void *_pgsql_open(char *host, char *port, int usessl, + const char *user, const char *password, diff --git a/pre_checkin.sh b/pre_checkin.sh new file mode 100644 index 0000000..d963b27 --- /dev/null +++ b/pre_checkin.sh @@ -0,0 +1,13 @@ +#!/bin/bash + +echo -n "Generating cyrus-sasl-saslauthd " + +cp cyrus-sasl.changes cyrus-sasl-saslauthd.changes +cp cyrus-sasl.changes cyrus-sasl-saslauthd.changes +cp cyrus-sasl.changes cyrus-sasl-bdb.changes +cp cyrus-sasl.changes cyrus-sasl-saslauthd-bdb.changes +SASLVERSION=$(awk '/^Version/ {print $2; exit;} {next;};' < cyrus-sasl.spec) +perl -pi -e "s/^Version:.*/Version: $SASLVERSION/" cyrus-sasl-saslauthd.spec +perl -pi -e "s/^Version:.*/Version: $SASLVERSION/" cyrus-sasl-bdb.spec +perl -pi -e "s/^Version:.*/Version: $SASLVERSION/" cyrus-sasl-saslauthd-bdb.spec +echo "Done." diff --git a/saslauthd.service b/saslauthd.service new file mode 100644 index 0000000..4e032c3 --- /dev/null +++ b/saslauthd.service @@ -0,0 +1,15 @@ +[Unit] +Description=saslauthd Server Daemon +After=network.target + +[Service] +Type=forking +EnvironmentFile=/etc/sysconfig/saslauthd +ExecStart=/usr/sbin/saslauthd -a $SASLAUTHD_AUTHMECH -n $SASLAUTHD_THREADS $SASLAUTHD_PARAMS +ExecReload=/bin/kill -HUP $MAINPID +ExecStop=/bin/kill -TERM $MAINPID +Restart=always + +[Install] +WantedBy=multi-user.target +